Every RPM package is signed with my build key, which can also be found in the config section.

    Fingerprint = 47E8 CA3D 4524 069F D8B3 3DA3 879D 8115 FFA1 DE78

To install my key, run the first command below, then verify the key's fingerprint with the second:

    gpg --import mitja-public_signkey.gpg
    gpg --fingerprint FFA1DE78

If the fingerprint matches the one listed above, everything is OK. You can then use rpm -K filename-version-revision.arch.rpm to check the built-in signature of the RPM packages. For example,

    rpm -K config-0.2-PS2.noarch.rpm

should produce output similar to:

    config-0.2-PS2.noarch.rpm: (sha1) dsa sha1 md5 gpg OK

This ensures that the package has not been tampered with and that the download was successful and without errors.
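
The two manual checks above can be scripted so that neither is judged by eye. The script below is an added example, not part of the original page: the function names and the script name are hypothetical, and it assumes rpm -K prints an unsigned package as digests only (for example "sha1 md5 OK"), which is why it insists on a gpg/pgp token and not just a trailing OK.

```shell
#!/bin/sh
# Added example: scripted form of the fingerprint and rpm -K checks.
# Published fingerprint, copied from the page.
EXPECTED_FPR="47E8 CA3D 4524 069F D8B3 3DA3 879D 8115 FFA1 DE78"

# Strip whitespace and uppercase, so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint KEYID` output on stdin and print
# the primary key's fingerprint (field 10 of the first "fpr" record).
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if the full fingerprint equals the published one.
fpr_matches() {
    [ -n "$1" ] && [ "$(normalize_fpr "$1")" = "$(normalize_fpr "$EXPECTED_FPR")" ]
}

# Judge one line of `rpm -K` output. A trailing "OK" is not enough:
# an unsigned package reports only its digests and still ends in "OK",
# so a lowercase gpg/pgp token (a verified signature) must be present.
# Failed or unverifiable items are printed in uppercase with "NOT OK".
rpm_sig_ok() {
    result=${1#*: }                 # text after "filename: "
    case "$result" in
        *"NOT OK"*) return 1 ;;
        *" OK") ;;
        *) return 1 ;;
    esac
    case " $result " in
        *" gpg "*|*" pgp "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sh verify-rpm.sh package.rpm   (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    fpr=$(gpg --with-colons --fingerprint FFA1DE78 | fpr_from_colons)
    fpr_matches "$fpr" || { echo "fingerprint mismatch" >&2; exit 1; }
    rpm_sig_ok "$(rpm -K "$1")" || { echo "signature check failed" >&2; exit 1; }
    echo "OK: $1"
fi
```

Comparing the full 40-digit fingerprint matters because the short ID FFA1DE78 used to look the key up is only its last eight digits.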