Hello,
To import a GPG key for the APK file from the GitHub repository "Blockstream/green_android" on Linux, follow these steps:
--snip--
OP already solved the problem, so i don't see necessity of giving more guide when it's flawed.
Download the repository's GPG key: gpg --recv-keys <KEY_ID>
Depending on PGP version/config on user device, they might see error message like this.
$ gpg --recv-keys "04BE BF2E 35A2 AF2F FDF1 FA5D E7F0 54AA 2E76 E792" gpg: key E7F054AA2E76E792: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1
Verify the APK signing certificate fingerprint:
jarsigner -verify -verbose -certs <APK_FILE>
For detailed instructions and troubleshooting, refer to the repository's documentation or GPG and APK signing guides online.
Why would you suggest using
jarsigner when OP ask about verifying file with GPG key and GPG signature? From quick search, it seems to impossible without converting GPG key to different format[1].
[1]
https://stackoverflow.com/a/11219493