Arch Linux User Repository

key URL gives message in Chrome: This server could not prove that it is hkps.pool.sks-keyservers.net; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.

I had the same issue as asitdepends today, Fixed by downloading key from: https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0xF54984BFA16C640F gpg --import /path/to/key

Just checked again... Everything is fine. Looks like your tarballs are broken. You could check with gpg, that should report an error. For me it gives: % gpg --verify libpng-1.5.22.tar.xz.asc gpg: assuming signed data in 'libpng-1.5.22.tar.xz' gpg: Signature made Thu 26 Mar 2015 02:20:07 PM CET using RSA key ID A16C640F gpg: Good signature from "Glenn Randers-Pehrson (mozilla) <glennrp+bmo@gmail.com>" [unknown] gpg: aka "Glenn Randers-Pehrson (libpng) <glennrp@users.sourceforge.net>" [unknown] gpg: aka "Glenn Randers-Pehrson (pngcrush) <glennrp@users.sourceforge.net>" [unknown]

...can't get it to work. The sha256 checksums are different since weeks at my site. Got 2c771f7106d684ca6129f099efd6ee5858abced1140ccb45a823f6af73728765 for libpng-1.5.22.tar.xz and de4ecd049a0838c56a7e73cca8ed9f2ce99723b29b6d4da220a5e79db206e66c for libpng-1.5.22-apng.patch.gz. Downloaded several times, always same checksums as called above. Strange.

Thanks, that was also the problem in my case (which I mistakenly took for a md5 error).

Thanks @eworm

Then just import it: gpg --recv-keys F54984BFA16C640F

I have a error with the gpg public key (unknow public key F54984BFA16C640F)

It does not have a md5sum at all! :-p Just re-checked, the sha256sum is correct and the signature is valid. What exactly is your error message? Did you verify the you have a tarball with about 729KB?