GPG verification of the Leap 15.2 SHA256 file fails with:
Code:
Tux@TuxBox:/home/openSUSE Leap 15.2/> gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
gpg: Signature made Tue 30 Jun 2020 09:52:45 AM MDT
gpg:                using RSA key 70AF9E8139DB7C82
gpg: Can't check signature: No public key
I executed the following before checking the SHA256 file as shown above:
Code:
gpg --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
gpg --fingerprint "openSUSE Project Signing Key <opensuse@opensuse.org>"
and it executed properly.

Is there a problem with the SHA256 file? File contents:
Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

c6d3ed19fe5cc25c4667bf0b46cc86aebcfbca3b0073aed0a288834600cb8b97  openSUSE-Leap-15.1-DVD-x86_64.iso
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iQEVAwUBXNwZzbiLL9Q9vcKEAQiXAggAsmtTRD1HausbkO0M5vEVBfeoefCowntG
jz8/kbmPFxDvHuRv/IUYx98NjCdOc/5svOs1PMXXaRtmBMc3/kQkr21BIn6rZye2
B4RsRAqvAJmNjSxrlA78VyX+F+oN+CsYg63xx87sO7dORoNX2VCLappXVIFxz586
8cQZNP9Rqpk5+eySpCyLJOgT5onxZbUjN3Q8uEPMyT+nzm8iqzx5EI75gJuKYWvh
nGLmKDLlH9S4MXM6Z1cinmSxMW5HCvTScmTgsRTnYLtuOblVj1RZbK+sws+Fnf8T
45WAYUYq23fv/kP4qfwvWwJma9SZWo7voLHtRiNlQFX4p6zi9C5apA==
=Cng2
-----END PGP SIGNATURE-----
I checked this file against the same file on 4 separate servers across the planet, and it was found to be identical. So, Iam assuming the file is authentic.