Signing RPM Packages

The chapter Signing Packages in Maximum RPM explains clearly how to sign RPM packages.

There are a few things to note though. The page http://www.rpm.org/max-rpm/s1-rpm-pgp-getting-ready.html asks you to put the GPG key name and key path into rpmrc. This has changed: the signing settings are now rpm macros, not rpmrc entries. Put the following into ~/.rpmmacros in the home directory of the user who runs the signing command:

%_signature    gpg
%_gpg_name     GPG Key UID (a user ID or key ID that selects your signing key, e.g. the e-mail address on the key)
%_gpg_path     GPG path (your GnuPG home directory, normally ~/.gnupg; it can be left out if you use the default)

All valid rpm macros can be found in the file /usr/lib/rpm/macros on a system where you've installed the "rpm-build" package; values in ~/.rpmmacros override the ones defined there. To check what rpm actually picked up, run rpm --eval '%_gpg_name' or rpm --showrc | grep gpg before you try to sign anything.

http://www.charleslockhart.com/technical/gpg-cs.html offers a cheat sheet for using gpg.

After you have generated the GPG key pair and signed the package (rpm --addsign foo.rpm, or rpmsign --addsign foo.rpm on systems that ship the separate rpm-sign package), export the public key so that the systems installing the package can verify the signature:

$ gpg --export -a "GPG Key UID" > pubkey.asc

Then import the public key into the rpm database (this writes to /var/lib/rpm, hence the sudo):

$ sudo rpm --import pubkey.asc

After you have imported the public key, you should be able to verify the signature on your newly built RPM package with rpm --checksig foo.rpm (rpm -K for short); it should now report the signature as OK instead of NOKEY. Note that the import has to be done on every system that will verify the package, not only on the machine where it was signed. http://docs.fedoraproject.org/drafts/rpm-guide-en/ch11s04.html explains this well.
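The whole procedure from the macros file to a verified package, as an added example that is not part of the original page: it generates a throwaway signing key, writes the ~/.rpmmacros described above, builds an empty package, signs it, imports the public key and checks the signature. Everything runs under a temporary HOME and a private rpm database (--dbpath), so no root is needed and the real system is untouched; drop --dbpath and use sudo to import into the system database. The key UID, the package name and all paths are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the page): rpm signing round trip with a
# throwaway GnuPG key, a temporary HOME and a private rpm database.
set -eu

# The ~/.rpmmacros lines the page describes, for a key UID ($1) and a
# GnuPG home directory ($2). _gpg_name is the one modern rpm insists on.
rpmmacros_content() {
    printf '%%_signature gpg\n%%_gpg_name %s\n%%_gpg_path %s\n' "$1" "$2"
}

# Minimal noarch spec with no files: just enough to produce something to sign.
demo_spec() {
    cat <<'EOF'
Name: sigdemo
Version: 1.0
Release: 1
Summary: Constructed package for signature testing
License: MIT
BuildArch: noarch
%description
Empty package used only to exercise rpm signing.
%files
EOF
}

# Sign RPM $1 with whichever signing front end this rpm ships.
sign_rpm() {
    if command -v rpmsign >/dev/null 2>&1; then
        rpmsign --addsign "$1"
    else
        rpm --addsign "$1"
    fi
}

have_signing_tools() {
    for t in gpg rpm rpmbuild; do
        command -v "$t" >/dev/null 2>&1 || return 1
    done
}

# Full round trip; exits non-zero if the signed package does not verify.
sign_and_verify_demo() {
    tmp=$(mktemp -d)
    uid="RPM Signing Demo <rpm-demo@example.invalid>"   # constructed UID
    export HOME="$tmp" GNUPGHOME="$tmp/.gnupg"
    mkdir -m 700 "$GNUPGHOME"

    # 1. Unattended key generation: no passphrase, signing only, no expiry.
    gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" rsa3072 sign 0

    # 2. The macros rpm reads at signing time (HOME points at $tmp).
    rpmmacros_content "$uid" "$GNUPGHOME" > "$HOME/.rpmmacros"

    # 3. Build a package to sign.
    demo_spec > "$tmp/sigdemo.spec"
    rpmbuild --quiet --define "_topdir $tmp/rpmbuild" -bb "$tmp/sigdemo.spec"
    pkg="$tmp/rpmbuild/RPMS/noarch/sigdemo-1.0-1.noarch.rpm"

    # 4. Sign it.
    sign_rpm "$pkg"

    # 5. Before the public key is known, verification reports NOKEY and fails.
    rpm --dbpath "$tmp/rpmdb" --initdb
    rpm --dbpath "$tmp/rpmdb" --checksig "$pkg" \
        || echo "as expected: signature cannot be verified before the key is imported"

    # 6. Export the public key, import it, and verify again: this must succeed.
    gpg --export -a "$uid" > "$tmp/pubkey.asc"
    rpm --dbpath "$tmp/rpmdb" --import "$tmp/pubkey.asc"
    rpm --dbpath "$tmp/rpmdb" --checksig "$pkg"
}

if have_signing_tools; then
    sign_and_verify_demo
else
    echo "skipping round trip: gpg, rpm and rpmbuild are required"
fi
```

The two --checksig calls are the point: the first one shows what every user of your package sees until they have imported your public key, the second one is the check you want to see pass on the build machine before the package goes anywhere.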