"mark the key as trusted". How do I know this public key was not tampered with/modified? Why should I trust it?
Your problem here is basically a problem inherent in public key cryptography. How do you establish trust at the very beginning?
If the truecrypt.org web site was hacked, the attacker could theoretically modify the binaries, re-sign them with a new key, and then publish the new key.
There are a couple of imperfect remedies to this.
One is simply to look up the key on public key servers. The assumption/hope is that an attacker would not have the ability to compromise both the original site and the well-known key servers.
One of the more popular public key servers is http://pgp.mit.edu/. If you search that public key server you can find a public key listed for contact@truecrypt.org with the short ID F0D6B1E0. That public key on pgp.mit.edu matches the key posted on the truecrypt.org web site (or at least it does when I visit the site). The long ID is 0xE3BA73CAF0D6B1E0.
Anyway, the hope is that if you can confirm the key by finding it published and identical in multiple locations, then you have gotten the valid key.
If you still don't trust the key servers, then you could try to get a copy using some out-of-band method. Have someone you trust send you a copy in an email, or an IM, on a flash drive in the mail or something.
There is also the hope that if the site was compromised it would be noticed by many people and quickly publicized. A security breach of the key servers or the truecrypt site would be a pretty major deal, and you would probably be able to find out about it.
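The multi-source comparison described in the answer above, as an added example that is not part of the original post: it computes the full OpenPGP v4 fingerprint of each downloaded copy and groups the sources by it, so a copy that differs stands out. It assumes binary key files (for example, output of `gpg --dearmor`); the function names are hypothetical and the sample keys are constructed, not real keys.

```python
import hashlib
import struct

def public_key_body(data: bytes) -> bytes:
    """Return the body of the leading v4 Public-Key packet (tag 6) of a binary key."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet (is the key still ASCII-armored?)")
    if first & 0x40:                                  # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            length, off = l0, 2
        elif l0 < 224:
            length, off = ((l0 - 192) << 8) + data[2] + 192, 3
        elif l0 == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length not valid for a key packet")
    else:                                             # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        n = 1 << ltype                                # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    body = data[off:off + length]
    if tag != 6 or len(body) != length or body[:1] != b"\x04":
        raise ValueError("expected a complete v4 public-key packet")
    return body

def fingerprint(data: bytes) -> str:
    """v4 fingerprint: SHA-1 over 0x99, two-octet body length, then the body."""
    body = public_key_body(data)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def group_by_fingerprint(copies: dict) -> dict:
    """Map each full fingerprint to the list of sources that served it."""
    groups = {}
    for source, data in copies.items():
        groups.setdefault(fingerprint(data), []).append(source)
    return groups

def constructed_key(n: int) -> bytes:
    """Constructed sample packet (not a real key): RSA, creation time 0, e=65537."""
    mpi = lambda x: struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    body = b"\x04" + bytes(4) + b"\x01" + mpi(n) + mpi(65537)
    return bytes([0x98, len(body)]) + body

if __name__ == "__main__":
    copies = {"website": constructed_key(0xC0FFEE11), "keyserver": constructed_key(0xC0FFEE11),
              "mirror": constructed_key(0xC0FFEE13)}
    for fpr, sources in group_by_fingerprint(copies).items():
        print(fpr, "long ID", fpr[-16:], "short ID", fpr[-8:], sources)
```

The long and short IDs are only the last 16 and 8 hex digits of the fingerprint, so the comparison across sources should be made on the full 40-digit value.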