Help veryifying pgp signatures on kleopatra

Hi, i’m having trouble veryifing pgp signatures on kleopatra.

Iv imported the pgp to the list and then saved the signature.

1st i tried to paste the signature into notepad and click verify and i get the msg Failed to decrypt the notepad: No data.

Signature created on 4/06/2026 10:20 PM using an unknown certificate with fingerprint
DA08 FAC3 8F57 31B3 1FC5 A1EE 0DF7 7920 9883 8DF5
You can search the certificate on a keyserver or import it from a file.

Then i attempted to do it from the main kleopatra page by clicking on the decrypt/verify tab and select the saved pgp signature and i get the following msg

Verified ‘C:\Books\Falling Awake How to Practice Mindfulness in Everyday Life\lizworld pgp verify.txt’ with signature in ‘C:\Books\Falling Awake How to Practice Mindfulness in Everyday Life\lizworld pgp verify.txt’.

and then under it
Signature created on 4/06/2026 10:20 PM using an unknown certificate with fingerprint
DA08 FAC3 8F57 31B3 1FC5 A1EE 0DF7 7920 9883 8DF5
You can search the certificate on a keyserver or import it from a file.

So, im wondering if i verified it or not then i click on audit log and get this msg

gpg: Signature made 06/04/26 22:20:56 AUS Eastern Standard Time
gpg:                using RSA key DA08FAC38F5731B31FC5A1EE0DF7792098838DF5
gpg: Can't check signature: No public key

So, im guessing i did something wrong could someone please help me.
Thanks

So then i tried adding adding the pgp ink to ‘encrypt for others and i get the same failed msgs

This means that the file is signed but as Kleopatra does not know the certificate with which the signature was made it can not check the signature. A signature with an unknown certificate is worthless. Anyone can create an OpenPGP key and sign anything.

You have to get the certificate from somewhere and import it. A classic method would be to search on a keyserver, but as those are not reliable sources nowadays, no keyserver is configured by default any more in Kleopatra. How one can configure one is described here: How do I import key when something like a certificate file isn't provided and instead a keyserver? - #2 by eebb

After import you have to check if the certificate belongs to the correct entity and after that certify it with your own secret key to document that you verified that. After that you can try to verify the signed data again.

We really need an updated Gpg4win compendium or other novice documentation…