GPG signatures, on the other hand, rely on a different path for verification of the key trust, and thus are useful even if both image and signature come from an unreliable source.

@Scummos Body, most would say that I'm not dumb but I still don't understand how to perform a GPG check.

I have the .iso and the .sig in the same folder. I know where's the Ubuntu keyserver but other than that I'm clueless. I've checksummed the images (and the re-imaged install disk too ) and everything is fine BUT I want GPG as well.

Could you give me some guidance, please? Much appreciated in advance.