GPG Verify Signature
We can verify a signed file with the following command(s) -
Import Public Key
$ gpg --import public-key.gpg
Verify Signature
If the signature is in seperate file (as created with the --detach-sign
option) -
$ gpg --verify myfile.tar.gz.sig myfile.tar.gz
If the signature is appended to the file (as created with the –sign option) -
$ gpg --verify myfile.tar.gz.gpg
Source: WikiHow