A client is getting ready for NIAP certification. Part of this is verifying an ISO signature. The steps are Download SHA256SUMS and SHA256SUMS.gpg Get the key used for the signature Verify the signature Check the ISO with sha256sum Download sums and signature (SHA256SUMS and SHA256SUMS.gpg) from a mirror and save in a suitable working directory.[…]