Correct Procedure For Iso Verification

[Leveret]

What is the correct way to verify a FreeBSD iso? I tried using gpg --verify followed by the .asc file but I get the message: Can't check signature, no public key. Where do I get the keys from. There doesn't seem to be anything clearly stating this on the FreeBSD website anywhere. Can someone help?

 

[T-Daemon]

Where do I get the keys from.

From here: https://www.freebsd.org/doc/pgpkeyring.txt

There doesn't seem to be anything clearly stating this on the FreeBSD website anywhere.

True. One must consult a search engine to find the OpenPGP keys in in the handbooks appendix (inclusive the above download link): https://docs.freebsd.org/en/books/handbook/pgpkeys/

The key ring link should be placed on every Release Checksum Signatures page, i.e.: https://www.freebsd.org/releases/13.0R/signatures

 

[T-Daemon]

What is the correct way to verify a FreeBSD iso? I tried using gpg --verify followed by the .asc file but I get the message:

Looking into the matter only the .asc checksum files themself are PGP verifiable not the installation images. To verify the integrity of the images only sha512 or sha256 cksum(1) can be applied.