Package Signature

To enable pacman to verify a package (see package and database signature checking), a package file may be cryptographically signed by its packager or an automated process.

Detached PGP signature

Detached PGP signatures (see gpg --detach-sign) in binary form (see gpg --no-armor) with a .sig suffix are supported. They are provided next to the package file (e.g. package-1.0.0-1-any.pkg.tar.zst and package-1.0.0-1-any.pkg.tar.zst.sig).