GPG stands for GnuPG, GNU Privacy Guard.

1. GPG Agent

Following command generates ASCII based signature SHA512SUMS.gpg of SHA512SUMS. I think most commonly used for software verification checksum files.

gpg --detach-sign --armor --output SHA512SUMS.gpg SHA512SUMS

1. GPG でファイルを暗号化, 復号化, 署名, 検証する方法 - yu8mada

gpg --recv-keys D94AA3F0EFE21092

gpg: key D94AA3F0EFE21092: 2 duplicate signatures removed
gpg: key D94AA3F0EFE21092: 64 signatures not checked due to missing keys
gpg: /home/wnoguchi/.gnupg/trustdb.gpg: trustdb created
gpg: key D94AA3F0EFE21092: public key "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

1. SecurityTeam/FAQ - Ubuntu Wiki

wnoguchi@hotaru:~/focal$ gpg --verify SHA256SUMS.gpg SHA256SUMS
gpg: Signature made Thu 23 Apr 2020 10:46:21 PM JST
gpg:                using RSA key D94AA3F0EFE21092
gpg: Good signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092

Verify SHA256 Checksum

grep ubuntu-20.04-live-server-amd64.iso SHA256SUMS | sha256sum -c

ubuntu-20.04-live-server-amd64.iso: OK

1. The GNU Privacy Guard
2. Gpg4win - Secure email and file encryption with GnuPG for Windows