The release files are signed using a detached signature.  You can obtain the
signature from the GitHub release page

    https://github.com/pgf-tikz/pgf/releases/download/3.1.10/pgf_3.1.10.ctan.flatdir.zip.sig