* GPG: check that the key found is a signing key * GPG: use key fingerprint suffix to compare id for signing key