Good time of the day, Jon. Thank You for Your time and answer. You worte: >> I try to check live CDs SHA256SUMS against SHA256SUMS.sign: >> >> under normal user: >> gpg --verify SHA256SUMS.sign SHA256SUMS > >Wrong tool! GPG is for verifying signatures, not hash sums. Try >'sha256sum' from coreutils. And that's what I need - to check if the sums the SHA256SUMS contains are from trusted source. Sthu.