don’t know if this is of any help to anyone except maybe past me, but i had a hard time finding the correct Public Key to verify the current Krita AppImage: So what finally worked was gpg --import this Public Key here https://files.kde.org/krita/dmitry_kazakov.gpg and gpg --verify krita-5.2.9-x86_64.AppImage.sig then gpg says Good signature (fingerprint: E9FB 29E7 4ADE ACC5 E303 5B8A B69E B4CF 7468 332F). Anyway (>’ v ')> here is a drawing i made using my laptops wonky touchpad.
KOOL
sorry, i think my post might be a little misleading everything is fine with the AppImage and the Detached signature (downloaded from krita.org) always has been as far as i know, i only verified the AppImage for ‘fun’. The only hiccup i had was that the webpage was unclear on where to find the PGP Public key, that you use to verify the signature. of course doing this is not necessary since i downloaded the AppImage from the official webpage over a secure connection.