Comment 18 for bug 599695

It appears that the debian-archive-keyring.gpg does not contain the current key used by Debian to sign!

Most probably the change of new stable distribution in Debian resulted in a new key that it is not yet included in the package.

I had the same problem (I use pbuilder in Ubuntu Karmic, with the configuration outlined at the pbuilder howto wiki) and I did the following:

1. I got the key from the Ubuntu keyserver with gpg2. Procedure:

In the search box of page http://keyserver.ubuntu.com:11371/ enter 'debian archive' and select the key with data:

  pub 4096R/473041FA 2010-08-27
  uid Debian Archive Automatic Signing Key (6.0/squeeze) <email address hidden>

Write down the key id (473041FA)

2. I added the key to /etc/apt/trusted.gpg, with apt-key, Procedure (note the hyphen at the end for apt-key to use stdin):

  gpg2 -a --export 473041FA | sudo apt-key add -

3. I modified my ~/.pbuilderrc to use --keyring=/etc/apt/trusted.gpg for DEBOOTSTRAPOPTS when building with a Debian target.