Bro, I just spend something like 2 hours to learn about gpg/sign/encrypt stuff and tried it on Haveno. But even after all this time, I don't know if the files I download is original or not.

1st, from your link, I get the public keys "reto_public.asc" which I don't find in the original github webpage https://github.com/retoaccess1/haveno-reto

2nd, from their github, I found instead the public key "woodser.asc" https://github.com/retoaccess1/haveno-reto/blob/master/gpg_keys/woodser.asc

And last, After I download "HavenoInstaller-windows-latest.zip.sig" & "HavenoInstaller-windows-latest.zip" and try to verify the signature, Only your public key ""reto_public.asc" works, the github public key "woodser.asc" doesn't.