Cabbot verify Lubuntu

CertUtil -hashfile lubuntu-22.04.3-desktop-amd64.iso SHA256
This one works out fine.

But not this one:
gpg: Signature made 10.08.2023 19.42.34 Vest-Europa (sommertid)
gpg: using RSA key 843938DF228D22F7B3742BC0D94AA3F0EFE21092
gpg: Can’t check signature: No public key
PS C:\Users\Me\Downloads>

This is done in Windows 10. I’ve already gone through the steps for Linux Mint Mate without problems. So what is the problem here?

ps: This is in Norway.

I forgot:
gpg --verify SHA256SUMS.gpg SHA256SUMS.txt

This one is not working, see message in first comment.

I think it should be enough for you to be sure that your ISO file is good, if you get the following SHA256SUM (double-checked via me and discourse.lubuntu.me and not only from the download web address),

$ sha256sum lubuntu-22.04.3-desktop-amd64.iso
ffccfa53a10bacf0b8b7589e85c739e650aef8f38ac4ed66f96fd591396d2f21  lubuntu-22.04.3-desktop-amd64.iso

In Linux the following method works to use the gpg-file. I am not sure what works in Windows, but I think there is a text mode version of gpg, that can be run in a command line window in a similar way.

  1. You need a key from Ubuntu according to this link: How to verify your Ubuntu download - Tutorials - Ubuntu Community Hub. I think it should work with the key via the following command line,

    gpg --keyid-format long --keyserver hkp://keyserver.ubuntu.com --recv-keys 0x46181433FBB75451 0xD94AA3F0EFE21092
    
  2. Download also the file SHA256SUMS from where you downloaded the ISO file. It should contain the same as the output from the sha256sum command line above.

  3. Run the following command and get an output similar to what I get (but maybe in Norwegian, if you don’t force English),

    $ LANG=C gpg --verify SHA256SUMS.gpg SHA256SUMS
    gpg: Signature made tor 10 aug 2023 19:42:34 CEST
    gpg:                using RSA key 843938DF228D22F7B3742BC0D94AA3F0EFE21092
    gpg: Good signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
    

Then there is reason to trust that nobody else has written the checksums. The text might be translated to your local language, but it should be clear that it is a ‘Good signature from “Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>”’.

The warning “This key is not certified with a trusted signature! There is no indication that the signature belongs to the owner.” means that there is no chain of trusted keys between your computer’s keyring and the key, that was used to sign the checksums.

That warning means that this is the best possible verification, although not 100%. It is difficult to establish a chain of trusted keys between your computer’s keyring and the key, I think not feasible for a private person using free software.

2 Likes
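An added example, not part of the posts above or of the Ubuntu tutorial: a shell script for the procedure in the answer that does not depend on the translated "Good signature" text. It reads gpg's machine-readable status lines, compares the signer with the full fingerprint shown in the thread, and then checks the ISO against its entry in SHA256SUMS. The function names are made up for this example, and it assumes `gpg` and `sha256sum` are installed and the key has already been imported.

```shell
#!/bin/sh
# Added example. Fingerprint copied from the gpg output quoted in this thread.
UBUNTU_FPR=843938DF228D22F7B3742BC0D94AA3F0EFE21092

# Reads `gpg --status-fd 1 --verify ...` output on stdin.
# Returns 0 if a VALIDSIG line names fingerprint $1, 2 if gpg reported
# NO_PUBKEY (the "No public key" case), 1 for anything else.
check_status() {
    local want="$1" tag a b rest rc=1
    while read -r tag a b rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $a in
            VALIDSIG)  if [ "$b" = "$want" ]; then rc=0; fi ;;
            NO_PUBKEY) if [ "$rc" -ne 0 ]; then rc=2; fi ;;
        esac
    done
    return "$rc"
}

# Returns 0 if the SHA-256 of file $1 equals the entry for its name in list $2.
# Entries look like "<hash> *<name>" or "<hash>  <name>".
check_iso() {
    local iso="$1" sums="$2" name want have
    name=$(basename "$iso")
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) print $1 }' "$sums")
    [ -n "$want" ] || return 1
    have=$(sha256sum "$iso" | awk '{ print $1 }')
    [ "$have" = "$want" ]
}

# Signature first, then the hash: the list is only worth trusting once signed.
verify_download() {
    local iso="$1" sums="$2" sig="$3"
    gpg --status-fd 1 --verify "$sig" "$sums" 2>/dev/null |
        check_status "$UBUNTU_FPR" || return
    check_iso "$iso" "$sums"
}

# Usage: sh verify.sh lubuntu-22.04.3-desktop-amd64.iso SHA256SUMS SHA256SUMS.gpg
if [ "$#" -eq 3 ]; then
    if verify_download "$@"; then echo "OK: signature and checksum match"
    else echo "FAILED (exit code $?)"; exit 1; fi
fi
```

Exit code 2 corresponds to the "No public key" message in the question: the signature could not be checked at all, which is different from a bad signature.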

“cabbot…” of course: cannot :laughing:
Thanks for the answer. It’s okay now.
I’ve made a USB to boot from and Lubuntu looks great :grin:

I will install it alongside Win 10 on my 7-year-old Lenovo.
I still need Win.

Thanks again

1 Like
