I've installed: signify-openbsd signify-openbsd-keys
in an ultra-light (think Lubuntu on Atkins & amphetimines) Ubuntu 16.04. I guess I'm just a dumb Ubuntard, despite my Intertel membership, but I can't for the life of me figure out how to cryptographically verify the legitimacy of install62.iso with SHA256.sig. The hash matches the sig file, but how to verify the sig file? Or even if it is possible in principle. The manual is clear as mud. To keep it neat, let's say both files are in /data/bsd-stuff, so we have: /data/bsd-stuff/install62.iso /data/bsd-stuff/SHA256.sig EXACTLY what commands (my default interpreter is bash, but I can use tcsh or whatever) do I need? Or is this a chicken/egg thing where I have to have openbsd installed before I can verify an openbsd iso, which I have to have to install openbsd? This may be way superior to gpg, but I'd wager 10 to 1 that the net effect of disdaining the standard gpg route completely (which could be available, with a stern warning, IN ADDITION) is that half the people who install this don't do any cryptographic verification at all. .................................... Because if we allow the Constitution to become a "literary fiction" future generations will rightfully view us with contempt as shallow, posing slackers, this is: Sent with [ProtonMail](https://protonmail.com) Secure Email.
