The public key to verify the GPG signatures (*.sig files) is kovid.gpg

The signatures can be verified using the gpg command and kovid.gpg as:

    gpg --no-default-keyring --keyring kovid.gpg --verify file.sig file

Note that the key is also available on public key servers, with id: 515ACE7C
https://pgp.mit.edu/pks/lookup?search=Kovid+Goyal&op=index
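
Added example, not part of the original note or the project's own tooling: a POSIX shell script that runs the verification command above over every *.sig file in a directory and decides from gpg's machine-readable --status-fd output, accepting a signature only when it was made by one pinned key. The script name verify.sh, the function names and the full-fingerprint argument are assumptions; the note itself gives only the short id 515ACE7C, so the full fingerprint has to be supplied by the caller.

```sh
#!/bin/sh
# Added example: batch-verify detached signatures against one pinned key.
# Usage (script name and arguments are assumptions, not from the note):
#   sh verify.sh kovid.gpg <FULL-KEY-FINGERPRINT> ./downloads

# check_status FPR
# Reads gpg --status-fd lines on stdin. Succeeds only if a VALIDSIG line names
# FPR (as signing key or primary key) and no failure or foreign-key line appears.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Appending "" forces string comparison for all-digit fingerprints.
            if (($3 "") == (want "") || ($NF "") == (want "")) { good = 1 } else { bad = 1 }
        }
        END { exit !(good && !bad) }
    '
}

# verify_all KEYRING FPR DIR
# Verifies every DIR/name.sig against DIR/name. Returns 0 if all pass,
# 1 if any fails, 2 if DIR holds no .sig files.
verify_all() {
    keyring=$1 fpr=$2 dir=$3 rc=0
    # gpg looks up a --keyring name without a slash in its home directory,
    # so point it at the current directory explicitly.
    case $keyring in */*) ;; *) keyring=./$keyring ;; esac
    for sig in "$dir"/*.sig; do
        [ -e "$sig" ] || { echo "no .sig files in $dir" >&2; return 2; }
        file=${sig%.sig}
        if gpg --no-default-keyring --keyring "$keyring" --status-fd 1 \
               --verify "$sig" "$file" 2>/dev/null | check_status "$fpr"; then
            echo "OK   $file"
        else
            echo "FAIL $file" >&2; rc=1
        fi
    done
    return $rc
}

if [ "$#" -eq 3 ]; then verify_all "$@"; fi
```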