Hi, i just did this
wget https://cdimage.debian.org/mirror/cdimage/archive/9.0.0-live/amd64/iso-hybrid/SHA512SUMS.sign wget https://cdimage.debian.org/mirror/cdimage/archive/9.0.0-live/amd64/iso-hybrid/SHA512SUMS gpg --verify SHA512SUMS.sign SHA512SUMS The latter says gpg: Signature made Sun 18 Jun 2017 02:32:31 AM CEST using RSA key ID 6294BE9B gpg: Good signature from "Debian CD signing key <debian...@lists.debian.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B Do the downloaded files match these MD5s ? c9dde4f1020fc9caf650257a3bf3594f SHA512SUMS.sign 02f3c8b79d9e1baa528271f091450da8 SHA512SUMS Have a nice day :) Thomas
