GnuPG1 is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. GnuPG also provides support for S/MIME and Secure Shell (ssh).
GnuPG is used to verify the integrity of a package, and to ensure the contents were not tampered with at any point during the transaction lifecycle. Package maintainers sign their packages with a unique key, which is can be later added to a keyring and sent to a remote machine. When the package is downloaded, it may contain a signature file. This signature file is used, along with a public key, to verify contents of the downloaded package and it integrity.
-----BEGIN PGP MESSAGE-----
hQIMA7EMoGPC24E/ARAApuFX/5kJzU472CORw4oLwwX+EH6rZAchX4QjrS4XEWap
LA0LsgZjpZW5SJP4KHLBa9uqiWg28ZTbGcKwd2wEJj1Yqdwe/J2oGRyP4z/73RQV
RXJmvdjFpTAB9vW6eD8BzpM9717jsS/3/7KsPYWQbbtt07S1WoXBmDZoDzAH2Iie
uz3tlbAktEg6K8UH7jyZ8Yf2FFpMqzlFuOl9tMO1V1Wsab0Sco8Y6LbqFiBNnAdm
5eHLcaBptv1vPes/1FuUUeM6dgN9D9c4Qr1vZVq5oUu0220RGyn8M4p++dPSRwgP
VK2ZOfmyayMnbbDwRTccuAFw2hgv828ydAPo0WO1+wnEsW8GdvXz28yQWmxNCe7S
7r94xX5iGvsoDtPmJelVnvApH99cEj/v53aoUM4XbwkjfNynxbt9G+XCqFT5Hvtn
OXLEGZq1wkG6aR+eteknod+kbGoHAO8Z+IVwXW1BtDJIHeONQAK2+fz98EC2bx4s
QvnWbGTp0Tqyc2ojpd3XFi9CwyG910697JNmWoRBSx0rgtC6T+EE9kooTyzs4FJe
paqSF1HJCUhwM3lebOR1IqWwkNUwaVwsLHPi6grDAHttT5WDyzR7Z1HVYOmO/5rj
8it15DNeLyPm8JDoc9e20kPCgVGWWOnPFLHDvURDsGlqByQS2YufTyIP/QeK3rLS
TwEMm75FoqIpWbqX+RUdlxCMNRRapNPxJzSSZIZmVaJIbeSLM/kVhX01C2t7dhfQ
pIgmkqBWYUnbniqHhQyhh3n2U4z/MeGZheX/hOaqBzA=
=Ik2u
-----END PGP MESSAGE-----
Just above, is a very short encrypted message that I've sent to myself. I know, it must look like a grabbled mess of ascii characters. However, this mess severs a unique purpose. In its current form, it is an unreadable message, that only I can decyper with my public key and password, to read the encrypted contents. The contents of this particular message are very simple. Decrypted it says:
Hello World!
So, why would anyone want to take steps to learn how to encrypt, decrypt, sign, or check the signature of a package? That answer should be plain and simple, as these steps when used together, help ensure the security of your system.