GnuPG, also known as GPG, is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows to encrypt and sign your data and communication.
To verify the file signatures, you need to add the signer’s public key to your trusted PGP/GnuPG keyring:
$ gpg –import keyname.asc
and then verify the .asc file
$ gpg -v –verify [.asc file]
Example, verifying the signature of an openvpn file:
ferdy@ConfigNotes:~$ gpg --import security.key.asc gpg: /home/ferdy/.gnupg/trustdb.gpg: trustdb created gpg: key 2F2B01E7: public key "OpenVPN - Security Mailing List <security@openvpn.net>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg: no ultimately trusted keys found ferdy@ConfigNotes:~$ gpg -v --verify openvpn-2.4.4.tar.gz.asc gpg: armor header: Version: GnuPG v1 gpg: assuming signed data in `openvpn-2.4.4.tar.gz' gpg: Signature made Tue 26 Sep 2017 06:19:09 AM PDT using RSA key ID 8CC2B034 gpg: using subkey 8CC2B034 instead of primary key 2F2B01E7 gpg: using PGP trust model gpg: Good signature from "OpenVPN - Security Mailing List <security@openvpn.net>" ...