How to verify signed files and what to do if public key not found:

gpg --verify package-archive.sign 

gpg --keyserver wwwkeys.pgp.net --recv-keys 0x<key ID here>