Next, import Fedora's GPG key(s):
$ curl https://getfedora.org/static/fedora.gpg | gpg --import
You can verify the details of the GPG key(s) here.
Now, verify that the CHECKSUM file is valid:
$ gpg --verify-files *-CHECKSUM
The CHECKSUM file should have a good signature from one of the following keys:
CFC659B9 - Fedora 30
429476B4 - Fedora 29
9DB62FB1 - Fedora 28
DBBDCF7C - IOT 2019
Finally, now that the CHECKSUM file has been verified, check that the image's checksum matches:
$ sha256sum -c *-CHECKSUM
If the output states that the file is valid, then it's ready to use!
How do I verify my downloaded image on another operating system?
Read these instructions to verify your image.