I want to verify the downloaded file, but can't find the author's public key anywhere to import it. I am using gpgtools. I saw a note on GitHub that shows a program called minisign is needed to verify the binaries? You mean I have to download a separate program just to verify the integrity of this program? Can someone please explain exactly how to do this? I am not familiar with minisign. Any help will be greatly appreciate.
The downloads all have corresponding "dnscrypt-proxy-xxx-2.0.16.tar.gz.minisig" files. So yes, it seems that you do need minisign. I've never used it, but there's probably a man page or "minisign -h" or whatever.