To enable pacman to verify a package (see package and database signature checking), a package file may be cryptographically signed by its packager or an automated process.
Detached PGP signature
Detached PGP signatures (see gpg --detach-sign) in binary form (see gpg --no-armor) with a
.sig suffix are supported.
They are provided next to the package file (e.g.