You want to verify that a GnuPG-signed file has not been altered.
To check a signed file, myfile:
$ gpg --verify myfile
To check myfile against a detached signature in myfile.sig: [Recipe 7.14]
$ gpg --verify myfile.sig myfile
Decrypting a signed file [Recipe 7.5] also checks its signature, e.g.:
$ gpg myfile
When GnuPG detects a signature, it lets you know:
gpg: Signature made Wed 15 May 2002 10:19:20 PM EDT using DSA key ID 00F5B71F
If the signed file has not been altered, you'll see a result like:
gpg: Good signature from "Shawn Smith <email@example.com>"
gpg: BAD signature from "Shawn Smith <firstname.lastname@example.org>"
indicates that the file is not to be trusted.
If you don't have the public key needed to check the signature, contact the key owner or check keyservers [Recipe 7.21] to obtain it, then import it. [Recipe 7.10]