Debian's CD verification page doesn't explain how to find and use the keyring from the package.
This page will explain how to get the keyring package and use it to verify the gpg signatures for the checksum files if you are running debian. The directions will likely work for any debian-based distribution.
Install debian-keyring (
sudo apt install debian-keyring ). Also install gnupg if it isn't already installed ( see GnuPG sidebar for details ).