diff --git a/install-latest.sh b/install-latest.sh
index 6b56543d..9244357a 100755
--- a/install-latest.sh
+++ b/install-latest.sh
@@ -135,6 +135,40 @@ if [ "$COMPUTED_CHECKSUM" != "$EXPECTED_CHECKSUM" ]; then
     exit 1
 fi
 
+if ! command -v gpg >/dev/null 2>&1; then
+    echo "GPG is not installed. It is recommended to verify the authenticity of the exo cli package before installing it. Please install GPG."
+
+    read -p "Would you like to install exo cli without verifying the package's authenticity? (N/y): " verify_signature
+    if [ ! "$verify_signature" = "y" ]; then
+        echo "Exiting."
+        exit 1
+    fi
+else
+    TOOLING_KEY_NAME="Exoscale Tooling <tooling@exoscale.ch>"
+    TOOLING_KEY_FINGERPRINT="7100E8BFD6199CE0374CB7F003686F8CDE378D41"
+
+    # Check if the tooling key is installed
+    if gpg --list-keys | grep -q "$TOOLING_KEY_FINGERPRINT"; then
+        # verity sig
+        exit 1
+    else
+        read -p "The GPG key $TOOLING_KEY_NAME ($TOOLING_KEY_FINGERPRINT) is missing, would you like to import it? (N/y): " import_key
+        if [ "$import_key" = "y" ]; then
+            echo "Importing key"
+            gpg --recv-keys "$TOOLING_KEY_FINGERPRINT"
+            if [ $? -eq 0 ]; then
+                echo "Import successful."
+                # verity sig
+            else
+                echo "Import failed. Exiting."
+                exit 1
+            fi
+        else
+            echo "Exiting."
+        fi
+    fi
+fi
+
 echo "Installing exo CLI, using $PACKAGETYPE"
 case "$PACKAGETYPE" in
     dpkg)