Validating download signatures on Windows

[jimk2048]

noob question, How can I validate the download file signatures on a windows 10 pc?

Here's what I have done...
downloaded the following files from different mirrors:
          OPNsense-19.7.pub
          OPNsense-19.7-OpenSSL-dvd-amd64.iso.bz2
          OPNsense-19.7-OpenSSL-dvd-amd64.iso.bz2.sig
and confirmed the OPNsense-19.7.pub content matched other mirrors and the forum webpage.

using Kleopatra\GpgEX I have tried to import the public key but consistently get a BER error.  (see attachment)

I have tried renaming the OPNsense-19.7.pub with these extensions: asc,gpg,pem,der but import still fails.

The best directions I found online were these, https://www.gpg4win.org/doc/en/gpg4win-compendium_15.html

Which suggests the first step is importing the public key, I don't know, but I've already tried randomly clicking all the buttons in Kleopatra. 

Not sure what to try next, any help would be great.

[fabian]

Try to verify it using openssl on the command line. It is not a GPG signature (it is a public key only and not a certficate).

[jimk2048]

Thanks!  Worked just like the 'Installation & Configuration' guide has it documented.  I didn't realize Kleopatra added the OpenSSL command line exe.  Here are the specific commands, maybe it will help someone else.

F:\download>openssl base64 -d -in OPNsense-19.7-OpenSSL-dvd-amd64.iso.bz2.sig -out OPNsense-19.7-tmp-image.sig
WARNING: can't open config file: /etc/ssl/openssl.cnf

F:\download>openssl dgst -sha256 -verify OPNsense-19.7.pub -signature OPNsense-19.7-tmp-image.sig OPNsense-19.7-OpenSSL-dvd-amd64.iso.bz2
WARNING: can't open config file: /etc/ssl/openssl.cnf
Verified OK