GPG Verify Signature

We can verify a signed file with the following command(s) -

Import Public Key

$ gpg --import public-key.gpg

Verify Signature

If the signature is in seperate file (as created with the --detach-sign option) -

$ gpg --verify myfile.tar.gz.sig myfile.tar.gz

If the signature is appended to the file (as created with the –sign option) -

$ gpg --verify myfile.tar.gz.gpg

Source: WikiHow