I cannot find clear Wiki on this topic that matches where I am stuck. I am updating Core from v22.0 to 27.1.
I have confirmed SHA256SUMS: a match between the binary hash for the win.exe and the program itself, using Notepad ++ and Command Prompt, respectively.

Now I want to verify at least one developer's signature. I have kleopatra.exe ready and I can either search a keyserver or I can import a file.
For noobs the github page is "overload" and there are no steps or explanations.

I need either a server address URL that I can copy/paste into Kleopatra or some directions on exactly what I should download from github as a file to import. The raw files I tried all return errors, so I think I've not selected the proper files . . .

The Core (website) explanations of steps are generic and not suitable for first-timers.