The CRC32 signature will just protect you against transmition errors.
The SHA signature will use the published key of the organization prepairing the file
in determining if the file is authentic.
Read up on Openssl for details.
This website contains information on how to manually load their keys into the rpm database.