On verifying a signature file...

A detached signature file, as opposed to signatures that are encrypt-signed or clear-signed (link), is a separate file that may be used to verify the associated document, that is, both the signature.sig and the original_document.txt (or other file) are processed for verification. This can be a bit confusing for an email because it may be unclear which text file is referred to; this isn't usually an obvious problem if your pgp/gpg is integrated with your email software.

You will need to have installed GnuPG. Once installed import the signature (command line example)

$ gpg --import GPGTools-00D026C4.asc gpg: key 00D026C4: "GPGTools Team <team@gpgtools.org>" 1 new signaturegpg: Total number processed: 1gpg:         new signatures: 1gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust modelgpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1ugpg: next trustdb check due at 2018-08-19

If you run this more than once you'll see (command line example)

$ gpg --import GPGTools-00D026C4.asc gpg: key 00D026C4: "GPGTools Team <team@gpgtools.org>" not changedgpg: Total number processed: 1gpg:              unchanged: 1

Now verify the signature/file combination (command line example)

$ gpg --verify GPG_Suite-2015.09.dmg.sig GPG_Suite-2015.09.dmggpg: Signature made Wed 23 Sep 18:56:37 2015 IST using RSA key ID 0D9E43F5gpg: Good signature from "GPGTools Team <team@gpgtools.org>" [ultimate]gpg:                 aka "GPGMail Project Team (Official OpenPGP Key) <gpgmail-devel@lists.gpgmail.org>" [ultimate]gpg:                 aka "GPGTools Project Team (Official OpenPGP Key) <gpgtools-org@lists.gpgtools.org>" [ultimate]gpg:                 aka "[jpeg image of size 5871]" [ultimate]

Further reading

gnupg.org and the GPG Suite Quickstart Tutorial
kp.mit.edu
www.openoffice.org