How do I verify a gpg signature matches a public key file