Arch Linux PKGBUILD and gpg validkey?

I recently i learned how to install package from unsupport repository using validkey, with some pacman and gpg command, but i noticed some pacakge doesn't have validkey only md5 keys, so how to do make the package trusted with key different than gpg validkey, and how do you get those key without using package manager and instead download the tar.gz file and get key from it and verify and trust ?