I am trying to check the integrity of my gmp-6.1.2.tar.lz download (see here). I am on CentOS 6.6 using gpg (GnuPG) 2.0.14.
The GMP website only lists
Key ID: 0x28C67298
Key type: 2560 bit RSA
Fingerprint: 343C 2FF0 FBEE 5EC2 EDBE F399 F359 9FF8 28C6 7298
When I run (as suggested here):
$ gpg --verify gmp-6.1.2.tar.lz.sig gmp-6.1.2.tar.lz
gpg: Signature made Sun 18 Dec 2016 03:18:35 PM EST using RSA key ID 28C67298
gpg: Can't check signature: No public key
QUESTION
How do I extract the fingerprint from gpg to compare with the GMP website?
I don't know where or how to get the public key for gmp, is this fingerprint checking good enough? This does not seem to be very secure since I'm checking the signature of the file from the same website that I downloaded the file from.