use gpg --import to import a public key.
gpg --import
use gpg --verify to verify signatures.
gpg --verify
gpg uses a manifest file that contains signatures and filenames.
gpg