signify is a utility that lets you easily sign and verify files using cryptography.
To verify an OpenBSD ISO using signify:
$ ftp https://ftp.openbsd.org/pub/OpenBSD/7.1/amd64/install71.iso $ ftp https://ftp.openbsd.org/pub/OpenBSD/7.1/amd64/SHA256.sig $ signify -C -p /etc/signify/openbsd-71-base.pub -x SHA256.sig install71.iso Signature Verified install71.iso: OK
-C verifies a signed checksum list, -p provides the public key, and -x provides the signature file.
If you see this message:
Signature Verified install71.iso: FAIL
This may mean that your ISO is either corrupt or has been tampered with. You will want to download it again and make sure it verifies properly.
On the other hand, if you see this message:
signify: verification failed: checked against wrong key
You may have the wrong public key.