diff --git a/archlinux-revoked.sig b/archlinux-revoked.sig
new file mode 100644
index 0000000..52fa707
Binary files /dev/null and b/archlinux-revoked.sig differ
diff --git a/archlinux-trusted.sig b/archlinux-trusted.sig
new file mode 100644
index 0000000..76ff3a3
Binary files /dev/null and b/archlinux-trusted.sig differ
diff --git a/archlinux.gpg.sig b/archlinux.gpg.sig
new file mode 100644
index 0000000..0efc220
Binary files /dev/null and b/archlinux.gpg.sig differ
diff --git a/update-keys b/update-keys
index c9db42e..20f29f8 100755
--- a/update-keys
+++ b/update-keys
@@ -5,7 +5,7 @@ export LANG=C
 TMPDIR=$(mktemp -d)
 trap "rm -rf '${TMPDIR}'" EXIT
 
-KEYSERVER='hkp://pgp.mit.edu'
+KEYSERVER='hkp://keys.gnupg.net'
 GPG="gpg --quiet --batch --no-tty --no-permission-warning --keyserver "${KEYSERVER}" --homedir ${TMPDIR}"
 
 pushd "$(dirname "$0")" >/dev/null
@@ -55,4 +55,11 @@ done < packager-keyids
 
 cat master/*.asc packager/*.asc > archlinux.gpg
 
+for s in archlinux{.gpg,-trusted,-revoked}; do
+	if ! ${GPG} --verify ${s}.sig; then
+		rm -f ${s}.sig
+		gpg --detach-sign --use-agent ${s}
+	fi
+done
+
 popd >/dev/null