To check if the file you have downloaded has been tampered with, you can check that the GnuPG signature matches the contents of the file. Downloading the key directly from key server is of course only possible for keys that are not already installed. For keys that already exist in yourkey server, you need to download the public key for the ID of the key that you want to verify and use the GnuPG software to verify the signature.
If you have installed the GnuPG keyserver correctly, using the GnuPG software tool, for example by using a key server you have to install, you should see the following picture after entering the following command:
If you see a key server configured in the right side of the screen and also used in the signature, a command such as the above command, will attempt to retrieve the needed public key to verify that the file you have downloaded has been tampered with.
If the command produces output such as "No key found", in which case there is no public key for the ID that you provided, ensure that the GnuPG keyserver is configured correctly, and you are using the correct ID.
To try to verify that the file you have downloaded has not been tamperedwith, you can check that the GnuPG signature matches the contents of the file.Use yourGnuPG software or akey server directly to get the key that wasused for creating the signature. Starting from the repackaging of gmp-5.1.0 asgmp-5.1.0a.tar.* the following key is used to sign GMP releases: d2c66b5586