A.3.2. Verifying Signature of Packages
To check the GnuPG signature of an RPM file after importing the builder's GnuPG key, use the following command (replace <rpm_file> with the file name of the RPM package):
rpm -K <rpm_file>
If all goes well, the following message is displayed: rsa sha1 (md5) pgp md5 OK
. This means that the signature of the package has been verified, that it is not corrupt, and is therefore safe to install and use.