Hi, > I've never found any terminal commands to use the checksums, or the > signing key.
Have a look at https://lists.debian.org/debian-user/2019/04/msg00214.html https://lists.debian.org/debian-user/2019/04/msg01149.html The first one gives an overview. You already seem to know most of this. It also shows examples of verification commands. The second one is about john doe's proposal, which for now is the best candidate for a SHA512 checksum verification command: sha512sum -c --ignore-missing SHA512SUMS and about my proposal to verify the GPG signature directly on the remote keyring: gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS > Please could Debian create some extra documentation on using commands to > verify Debian's isos' with SHAs and signatures? The need is known. In https://lists.debian.org/debian-user/2019/04/msg01147.html we see the announcement of improvement by the web team. Have a nice day :) Thomas