Quote Originally Posted by rookcifer View Post
Correct.
Okay. And the following command achieves this:

gpg --verify truecrypt*.sig


i.e. gpg finds the public key for Truecrypt on my public keyring.

Correct?

It seems to me the original Truecrypt archive is not being referenced here. What is gpg comparing to achieve authentication?