To check the integrity and authenticity of some tarball, e.g.,
nclua-X.Y.tar.xz, run:

    gpg --verify nclua-X.Y.tar.xz.asc

This checks whether the signature file matches the source file. You
should see a message indicating that the signature is good.

If you don't have my public key in your keyring, you may fetch it by
running either:

    gpg --fetch-key http://www.telemidia.puc-rio.br/~gflima/gflima.key

or

    gpg --keyserver hkp://keys.gnupg.net --recv-keys EB6EF733

Have fun!
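
A "good signature" message only says that some key in your keyring made the signature, so a script should also confirm that the signing key is the expected one. The sketch below is an added example, not part of the original instructions: it reads gpg's machine-readable `--status-fd` output and accepts only a valid signature whose fingerprint ends in the key ID given above. The function names, the sample status lines and the fingerprints in them are constructed for illustration; a full fingerprint obtained from the author is a stronger check than an 8-digit key ID.

```shell
#!/bin/sh
EXPECTED_KEYID="EB6EF733"   # short key ID given on this page

# Read gpg status lines on stdin; succeed only if a VALIDSIG line names a
# fingerprint ending in the key ID $1 and no failure status is present.
check_status() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    result=1
    while read -r prefix keyword rest; do
        [ "$prefix" = "[GNUPG:]" ] || continue
        case "$keyword" in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
                return 1 ;;
            VALIDSIG)
                sigfpr=${rest%% *}   # first field: fingerprint of the signing key
                prifpr=${rest##* }   # last field: fingerprint of its primary key
                case "$sigfpr" in *"$want") result=0 ;; esac
                case "$prifpr" in *"$want") result=0 ;; esac ;;
        esac
    done
    return "$result"
}

# Real use (hypothetical helper name): verify_tarball nclua-X.Y.tar.xz.asc
verify_tarball() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null | check_status "$EXPECTED_KEYID"
}

# Constructed status output; the fingerprints are made up for the demo.
FPR_OK=00000000000000000000000000000000EB6EF733
FPR_OTHER=0000000000000000000000000000000011111111
sample_good() {
    echo "[GNUPG:] GOODSIG 00000000EB6EF733 Constructed Signer"
    echo "[GNUPG:] VALIDSIG $FPR_OK 2020-01-01 1577836800 0 4 0 1 8 00 $FPR_OK"
}
sample_other_key() {
    echo "[GNUPG:] GOODSIG 0000000011111111 Someone Else"
    echo "[GNUPG:] VALIDSIG $FPR_OTHER 2020-01-01 1577836800 0 4 0 1 8 00 $FPR_OTHER"
}
sample_bad() {
    echo "[GNUPG:] BADSIG 00000000EB6EF733 Constructed Signer"
}

for s in sample_good sample_other_key sample_bad; do
    if "$s" | check_status "$EXPECTED_KEYID"; then echo "$s: accept"
    else echo "$s: reject"; fi
done
```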