gpg --verify Wifislax64-4.15.1.iso.asc Wifislax64-4.15.1.iso
Good output:
Good signature from "Wifislax Team <team@wifislax.com>"
Bad output:
BAD signature or Can't check signature → Do not use the ISO. wifislax 4151 iso download verified
# MD5
md5sum -c Wifislax64-4.15.1.iso.md5
Once verified:
The primary verified source is the official Wifislax website. However, the main server is often rate-limited. Secondary verified mirrors include: gpg --verify Wifislax64-4
Direct filenames to look for:
Before you boot into Wifislax 4.15.1, complete this checklist: Direct filenames to look for: Before you boot
gpg will report whether the signature is good and which key signed it. Ensure the key fingerprint matches the project's published fingerprint before trusting the signature.
The official Wifislax team (via their main site www.wifislax.com and trusted mirrors) publishes cryptographic hashes. A verified ISO means the file you downloaded produces the exact same hash as the one published by the developers.