If you don't want to deal with fixing the key problems now, you can update it with one of these:
paru -S openssl-1.1 --mflags "--skippgpcheck"
yay -S openssl-1.1 --mflags "--skippgpcheck"
I only confirmed that it works with paru, but paru's manpage lists "mflags" as an option it supports too.
Search Criteria
Package Details: openssl-1.1 1.1.1.w-9
Package Actions
| Git Clone URL: | https://aur.archlinux.org/openssl-1.1.git (read-only, click to copy) |
|---|---|
| Package Base: | openssl-1.1 |
| Description: | The Open Source toolkit for Secure Sockets Layer and Transport Layer Security |
| Upstream URL: | https://www.openssl.org |
| Licenses: | custom:BSD |
| Provides: | libcrypto.so, libssl.so |
| Submitter: | solarfire |
| Maintainer: | the-k |
| Last Packager: | the-k |
| Votes: | 28 |
| Popularity: | 8.11 |
| First Submitted: | 2026-01-27 20:20 (UTC) |
| Last Updated: | 2026-02-23 13:23 (UTC) |
Dependencies (2)
Required by (266)
- activinspire
- adsklicensing
- aeon-bin
- akkoma-git
- alist-desktop-bin
- amazon-workspaces-bin
- amazon-workspaces-legacy-bin
- anytxt-bin
- apollo-studio
- aptos (requires libssl.so)
- aptos (requires libcrypto.so)
- arti-git (requires libssl.so)
- astralrinth-app-bin
- atom-ng-bin
- atrust-bin
- aur-build-worker
- autenticacao-gov-pt-bin
- azahar-git (requires libcrypto.so)
- azahar-git (requires libssl.so)
- basemark
- Show 246 more...
Sources (26)
- ca-dir.patch
- CVE-2023-5678.patch
- CVE-2024-0727-1.patch
- CVE-2024-0727-2.patch
- CVE-2024-13176.patch
- CVE-2024-2511.patch
- CVE-2024-4741.patch
- CVE-2024-5535-1.patch
- CVE-2024-5535-2.patch
- CVE-2024-5535-3.patch
- CVE-2024-5535-4.patch
- CVE-2024-5535-5.patch
- CVE-2024-5535-6.patch
- CVE-2024-5535-7.patch
- CVE-2024-5535-8.patch
- CVE-2024-9143.patch
- CVE-2025-68160.patch
- CVE-2025-69418.patch
- CVE-2025-69419-1.patch
- CVE-2025-69419-2.patch
- CVE-2025-69420.patch
- CVE-2025-69421.patch
- CVE-2025-9230.patch
- CVE-2026-22795_CVE-2026-22796.patch
- https://www.openssl.org/source/openssl-1.1.1w.tar.gz
- https://www.openssl.org/source/openssl-1.1.1w.tar.gz.asc
MagnusVesper commented on 2026-03-20 17:16 (UTC) (edited on 2026-03-20 17:17 (UTC) by MagnusVesper)
panther666 commented on 2026-03-14 14:54 (UTC) (edited on 2026-03-14 15:02 (UTC) by panther666)
[thunder ~]# gpg --keyserver "hkps://keys.openpgp.org" --recv-keys \
7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C \
A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C \
EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 \
8657ABB260F056B1E5190839D9C4D26D0E604491
gpg: key D894E2CE8B3D79F5: new key but contains no user ID - skipped
gpg: /root/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: Schlüssel B8EF1A6BA9DA2D5C: Öffentlicher Schlüssel "Tomáš Mráz <tomas@openssl.foundation>" importiert
gpg: key D5E9E43F7DF9EE8C: new key but contains no user ID - skipped
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 3
gpg: ohne User-ID: 2
gpg: importiert: 1
[thunder ~]#yay -Sua
:: 1 Paket zu upgraden/installieren.
1 aur/openssl-1.1 1.1.1.w-2 -> 1.1.1.w-9
=> Überprüfe Signaturen der Quell-Dateien mit gpg...
openssl-1.1.1w.tar.gz ... FEHLGESCHLAGEN (Unbekannter öffentlicher Schlüssel D894E2CE8B3D79F5)
==> FEHLER: Eine oder mehrere PGP-Signaturen konnten nicht überprüft werden!
-> Fehler beim Erstellen: openssl-1.1-exit status 1
-> Die folgenden Pakete konnten nicht installiert werden. Ein manueller Eingriff ist erforderlich:
openssl-1.1 - exit status 1
gpg: Verzeichnis `/tmp/.gnupg' erzeugt
gpg: /tmp/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: error reading key: Kein öffentlicher Schlüssel
gpg: Verzeichnis `/tmp/.gnupg' erzeugt
gpg: /tmp/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: error reading key: Kein öffentlicher Schlüssel
gpg: Verzeichnis `/tmp/.gnupg' erzeugt
gpg: /tmp/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: error reading key: Kein öffentlicher Schlüssel
gpg: Verzeichnis `/tmp/.gnupg' erzeugt
gpg: /tmp/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: error reading key: Kein öffentlicher Schlüssel
:: PGP-Schlüssel müssen importiert werden:
-> 8657ABB260F056B1E5190839D9C4D26D0E604491, benötigt von: openssl-1.1
-> 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C, benötigt von: openssl-1.1
-> A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C, benötigt von: openssl-1.1
-> EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5, benötigt von: openssl-1.1
:: Importieren? [J/n] j
=> Überprüfe Signaturen der Quell-Dateien mit gpg...
openssl-1.1.1w.tar.gz ... FEHLGESCHLAGEN (Unbekannter öffentlicher Schlüssel D894E2CE8B3D79F5)
==> FEHLER: Eine oder mehrere PGP-Signaturen konnten nicht überprüft werden!
-> Fehler beim Erstellen: openssl-1.1-exit status 1
-> Die folgenden Pakete konnten nicht installiert werden. Ein manueller Eingriff ist erforderlich:
openssl-1.1 - exit status 1
Update ist still not working..... Keys still cannot be loaded
unknown open key D894E2CE8B3D79F5
pgp signatures could not be verified
Can anybody help?
TopHatProdxns115 commented on 2026-03-01 06:54 (UTC) (edited on 2026-03-01 06:59 (UTC) by TopHatProdxns115)
@Dethy I looked at your commands, and noticed that the first 4 all seem to ping [https://keys.openpgp.org] . Is the following command also valid for this use case?
gpg --keyserver "hkps://keys.openpgp.org" --recv-keys \
7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C \
A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C \
EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 \
8657ABB260F056B1E5190839D9C4D26D0E604491
If not, please let me know.
Dethy commented on 2026-02-17 19:16 (UTC) (edited on 2026-02-17 19:17 (UTC) by Dethy)
For some reason, CachyOS was failing to import keys no matter what I tried. What ended up actually working for me is to do a direct import. I used the following:
gpg --fetch-keys "https://keys.openpgp.org/vks/v1/by-fingerprint/7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C"
gpg --fetch-keys "https://keys.openpgp.org/vks/v1/by-fingerprint/A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C"
gpg --fetch-keys "https://keys.openpgp.org/vks/v1/by-fingerprint/EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
gpg --fetch-keys "https://keys.openpgp.org/vks/v1/by-fingerprint/8657ABB260F056B1E5190839D9C4D26D0E604491"
When two of the keys failed to import, I went straight to the source as used this:
gpg --fetch-keys "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C"
gpg --fetch-keys "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
After the keys imported. yay -Sua updated the package successfully.
RicardoPQ commented on 2026-02-17 13:55 (UTC)
@furstblumier 's comment was the solution for me, thanks!
slot commented on 2026-02-16 17:41 (UTC)
I have test error: ../test/recipes/30-test_afalg.t .................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests
the-k commented on 2026-02-14 11:03 (UTC)
What for? They're supplied together with the rest of the package source files.
aliu commented on 2026-02-13 20:38 (UTC)
Shouldn't the checksums for the patches also be verified?
err0x1a commented on 2026-02-06 15:11 (UTC) (edited on 2026-02-06 15:12 (UTC) by err0x1a)
I was experiencing a GPG key verification error while building openssl-1.1-1.1.1.w-7:
packages failed to build: openssl-1.1-1.1.1.w-7
The issue was resolved by running:
sudo pacman-key --refresh-keys
Pinned Comments
the-k commented on 2026-02-01 09:25 (UTC) (edited on 2026-02-03 08:18 (UTC) by the-k)
Check out https://wiki.archlinux.org/title/Makepkg#Signature_checking. Basically, if you use
makepkgdirectly, you'll have to manually import all keys into your user GPG keyring. You can do that by runninggpg --import keys/pgp/*.Some AUR helpers like
yayare able to do that for you. If you encounter server errors like @Exdebianmainuser did, configure GPG to use a better server. Most PGP servers today are unreliable. I recommendhkps://keyserver.ubuntu.com.