i don't think there are many ways to fix this. a possible solution is 1. delete all keys with keyid==MASTER key from the archive keyring (to prevent forged signatures) 2. add --keyring masterkeyring to gpg arguments 3. do --check-sigs taking care of unknown pubkeys this might be buggy though.