Yeah, it’s the right package (and checksum). Googling around seems to indicate there are various bugs in dpkg-sig causing it to fail verification.
dpkg-sig
