GPG stands for GnuPG, GNU Privacy Guard.
Following command generates ASCII based signature SHA512SUMS.gpg of SHA512SUMS. I think most commonly used for software verification checksum files.
gpg --detach-sign --armor --output SHA512SUMS.gpg SHA512SUMS
gpg --recv-keys D94AA3F0EFE21092
gpg: key D94AA3F0EFE21092: 2 duplicate signatures removed gpg: key D94AA3F0EFE21092: 64 signatures not checked due to missing keys gpg: /home/wnoguchi/.gnupg/trustdb.gpg: trustdb created gpg: key D94AA3F0EFE21092: public key "Ubuntu CD Image Automatic Signing Key (2012) <email@example.com>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1
wnoguchi@hotaru:~/focal$ gpg --verify SHA256SUMS.gpg SHA256SUMS gpg: Signature made Thu 23 Apr 2020 10:46:21 PM JST gpg: using RSA key D94AA3F0EFE21092 gpg: Good signature from "Ubuntu CD Image Automatic Signing Key (2012) <firstname.lastname@example.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
Verify SHA256 Checksum
grep ubuntu-20.04-live-server-amd64.iso SHA256SUMS | sha256sum -c