Since I had to look this up too many times already, I thought I better write a quick blog post on how to resolve this, so I won’t need to dig in this thread anymore.
If you ever encounter the following error during makepkg, most prominent in the cower package, which is a dependency of the popular AUR helper pacaur.
==> Verifying source file signatures with gpg... cower-17.tar.gz ... FAILED (unknown public key 1EB2638FF56C0C53) ==> ERROR: One or more PGP signatures could not be verified! :: failed to verify cower integrity
The solution here is not to add the key in pacman-key, but with gpg, like this
$ gpg --recv-keys 1EB2638FF56C0C53 gpg: key 1EB2638FF56C0C53: public key "Dave Reisner <email@example.com>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1
Have fun in the AUR and don’t forget to contribute.