My notes, titled “How to verify Clonezilla ISO files?”, based on my experience on my Debian 9 system.
1. Download Clonezilla ISO file from http://clonezilla.org/downloads.php
2. Download CHECKSUMS.TXT.gpg and CHECKSUMS.TXT
3. Place all these files into the same directory.
4. $ gpg --verify ./CHECKSUMS.TXT.gpg ./CHECKSUMS.TXT
gpg: Signature made Sal 27 Haz 2017 04:06:18 +03
gpg: using RSA key 667857D045599AFD
gpg: Can't check signature: No public key
5. $ gpg --recv-keys 667857D045599AFD
If you see the following output, install “dirmngr” and try again.
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/run/user/1000/gnupg/S.dirmngr' failed: No such file or directory
gpg: keyserver receive failed: No dirmngr
6. $ gpg --recv-keys 667857D045599AFD
Output:
gpg: key 667857D045599AFD: public key "DRBL Project (Diskless Remote Boot in Linux) <drbl@clonezilla.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
7. $ gpg --verify ./CHECKSUMS.TXT.gpg ./CHECKSUMS.TXT
Output:
gpg: Signature made Sal 27 Haz 2017 04:06:18 +03
gpg: using RSA key 667857D045599AFD
gpg: Good signature from "DRBL Project (Diskless Remote Boot in Linux) <drbl@clonezilla.org>" [unknown]
gpg: aka "DRBL Project (Diskless Remote Boot in Linux) <drbl@nchc.org.tw>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 54C0 821A 4871 5DAF D61B FCAF 6678 57D0 4559 9AFD
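As an added example (not part of the original notes), the script below takes the check two steps further: it accepts the signature only if gpg reports the primary key fingerprint shown in step 7, then compares the ISO's SHA-256 with its entry in CHECKSUMS.TXT. It assumes CHECKSUMS.TXT contains sha256sum-style "hash  filename" lines and that the fingerprint has been confirmed against a source other than the keyserver; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# Fingerprint printed in step 7 of the notes, with the spaces removed.
EXPECTED_FPR="54C0821A48715DAFD61BFCAF667857D045599AFD"

# Reads `gpg --status-fd 1 --verify ...` output on stdin. Succeeds only if a
# VALIDSIG line ends with the expected primary key fingerprint ($1).
signed_by_expected_key() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == want { ok = 1 }
        END { exit !ok }'
}

# Succeeds only if the SHA-256 of the ISO ($1) is listed in the checksum
# file ($2) next to the ISO's own file name.
# Assumption: the file holds sha256sum-style "<hash>  <name>" lines.
iso_matches_checksums() {
    iso=$1; sums=$2
    hash=$(sha256sum "$iso" 2>/dev/null | awk '{ print $1 }')
    [ -n "$hash" ] || return 1
    name=$(basename "$iso")
    awk -v h="$hash" -v n="$name" '
        $1 == h && $2 == n { ok = 1 }
        END { exit !ok }' "$sums"
}

# Full check: signature on CHECKSUMS.TXT first, then the ISO hash.
verify_clonezilla_iso() {
    iso=$1; sums=$2; sig=$3
    gpg --status-fd 1 --verify "$sig" "$sums" 2>/dev/null \
        | signed_by_expected_key "$EXPECTED_FPR" \
        || { echo "signature check failed for $sums" >&2; return 1; }
    iso_matches_checksums "$iso" "$sums" \
        || { echo "checksum mismatch for $iso" >&2; return 1; }
    echo "OK: $iso"
}

# Usage: sh verify.sh <file>.iso CHECKSUMS.TXT CHECKSUMS.TXT.gpg
if [ "$#" -eq 3 ]; then
    verify_clonezilla_iso "$@"
fi
```

A "Good signature" line alone only says that some imported key signed the file, so the fingerprint comparison is what ties the result to the DRBL Project key.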
Software developer. Defender of Kaer Morhen. Based in the U.S.