I'm not familiar with dpkg-sig so I can't really help you on that front. If you ask me, you already went through a lot of trouble, and considering you are performing this on an online machine, I would suggest that at this point you are better off simply building from source.

This of course does not respond as to why you can't get it to verify the signature. Usually these tools return some sort of message, whether it is BADSIG, GOODSIG, or complaining about the public key missing. This indicates there may be an issue with your setup. Could you try on another installation/machine. Like, boot from a Debian live and try there.