1. I downloaded: trisquel_8.0_amd64.iso 2017-01-10 03:35 1.0G trisquel_8.0_amd64.iso.asc 2017-01-10 03:35 181 trisquel_8.0_amd64.iso.manifest 2017-01-10 03:35 48K trisquel_8.0_amd64.iso.md5 2017-01-10 03:35 57 (also tried the torrent but it seemed inactive) from: http://jenkins.trisquel.info/makeiso/iso/ 2. I created a directory to segregate these downloads from anything else and moved the 4 items I downloaded to that directory. 3. Opened a terminal and moved to the newly created directory. 4. Executed in terminal: md5sum trisquel_8.0_amd64.iso Output da5a814d0b325e83e162bbafba652d22 trisquel_8.0_amd64.iso With gedit I opened trisquel_8.0_amd64.iso.md5 and verified output was what was expected. Text: da5a814d0b325e83e162bbafba652d22 trisquel_8.0_amd64.iso (Steps 5 and 6 were in vain as the 'issuer key ID A7E8D94B9D9D4FAD' was not found at either hkp server keys.gnupg.net or hkp server pool.sks-keyservers.net, but steps 7, 8 and 9 as an alternative way to accomplish the same end and were successfull.) 5. Executed from terminal: gpg --list-packets trisquel_8.0_amd64.iso :signature packet: algo 1, keyid A7E8D94B9D9D4FAD version 4, created 1483833286, md5len 0, sigclass 0x01 digest algo 10, begin of digest af db hashed subpkt 2 len 4 (sig created 2017-01-07) subpkt 16 len 8 (issuer key ID A7E8D94B9D9D4FAD) data: [4096 bits] 6. Unsuccessfully tried to import keys from two different servers (A and B): A. gpg --keyserver keys.gnupg.net --recv-keys A7E8D94B9D9D4FAD gpg: requesting key 9D9D4FAD from hkp server keys.gnupg.net gpgkeys: key A7E8D94B9D9D4FAD not found on keyserver gpg: no valid OpenPGP data found. gpg: Total number processed: 0 B. gpg --keyserver pool.sks-keyservers.net --recv-keys A7E8D94B9D9D4FAD gpg: requesting key 9D9D4FAD from hkp server pool.sks-keyservers.net gpgkeys: key A7E8D94B9D9D4FAD not found on keyserver gpg: no valid OpenPGP data found. gpg: Total number processed: 0 7. Successfully located and saved to same newly created directory: trisquel-archive-signkey.gpg at https://trisquel.info/files/trisquel-archive-signkey.gpg 8. Successfully executed from terminal: gpg --import trisquel-archive-signkey.gpg gpg: key 8D8AEBF1: public key "Trisquel GNU/Linux (Trisquel GNU/Linux signing key) " imported gpg: Total number processed: 1 gpg: imported: 1 9. Successfully executed from terminal: Good signature from "Trisquel GNU/Linux (Trisquel GNU/Linux signing key) " [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: E6C2 7099 CA21 965B 734A EA31 B4EF B9F3 8D8A EBF1 Accroding to the manual page at https://trisquel.info/en/wiki/verify-trisquel-download: "Note: You may safely ignore the trust warning, if you would like to trust a GPG key you should meet in person to exchange keys, for example at LibrePlanet. Once you know the hash checks and GPG are "good", you can be sure that your download has not been compromised or corrupted."