Packaging and Delivering Software With the Image Packaging System in Oracle® Solaris 11.2

Updated: July 2014
 
 

Signature Value Does Not Match Expected Value

The following error occurs when the value on the signature action cannot be verified using the certificate that the action claims is paired with the key used to sign the package.

pkg install: A signature in pkg://test/example_pkg@1.0,5.11-0:20110919T195801Z
could not be verified for this reason:
The signature value did not match the expected value. Res: 0
The signature's hash is 0ce15c572961b7a0413b8390c90b7cac18ee9010

There are two possible causes for an error like this:

  • The first possible cause is that the package has been changed since it was signed. This is unlikely but is possible if the package manifest has been hand edited since signing. Without manual intervention, the package should not have changed since it was signed: pkgsend strips existing signature actions during publication, because the old signature is invalid when the package gets a new time stamp.

  • The second, more likely cause is that the key and certificate used to sign the package were not a matched pair. If the certificate given to the -c option of pkgsign was not created with the key given to the -k option of pkgsign, the package is signed, but its signature cannot be verified.
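
One way to rule out the second cause before signing is to compare the public key derived from the private key with the public key embedded in the certificate. The script below is an added example, not part of the Oracle documentation; it assumes the openssl command is available and that both files are PEM encoded with an unencrypted key, and the function name keypair_matches is hypothetical.

```shell
#!/bin/sh
# Added example (not from the Oracle documentation): check that a signing key
# and certificate are a matched pair before passing them to pkgsign.
# Assumptions: openssl is installed; both files are PEM; the key is unencrypted.

# keypair_matches KEY_FILE CERT_FILE
#   returns 0 if the certificate carries the public key of the private key,
#           1 if the two public keys differ (signature would not verify),
#           2 if either file cannot be parsed.
keypair_matches() {
    key_file=$1
    cert_file=$2

    # Public key derived from the private key (the pkgsign -k argument).
    key_pub=$(openssl pkey -in "$key_file" -pubout 2>/dev/null) || return 2

    # Public key embedded in the certificate (the pkgsign -c argument).
    cert_pub=$(openssl x509 -in "$cert_file" -noout -pubkey 2>/dev/null) || return 2

    # Both commands emit a PEM SubjectPublicKeyInfo block, so a string
    # comparison is enough. An empty result is treated as a mismatch.
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Command-line use: sh check_pair.sh KEY_FILE CERT_FILE
if [ "$#" -eq 2 ]; then
    rc=0
    keypair_matches "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: $2 was issued for the key in $1" ;;
        1) echo "MISMATCH: $2 was not created with the key in $1" >&2 ;;
        *) echo "ERROR: could not read the key or the certificate" >&2 ;;
    esac
    exit "$rc"
fi
```

A MISMATCH result means a package signed with this pair would produce the "signature value did not match the expected value" error at install time.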