The chances are that your download is fine. So you could ignore the “gpg” check. But you will run into those problems again with other uses of “gpg”.
Things to check:
The directory “.gnupg” should be writable only by you. It should not be group writable or other writable. It is best that it also be readable only by you. Typical permissions should be drwx------ with you as the owner.
Your home directory should not be group writable or other-writable, though it is okay for it to be readable by others. Typical permissions are drwxr-xr-x. The same applies to the “/home” directory and to the “/” directory.
Further to my last post i have now verified that the downloaded file is correct …
joe@linux-pzcr:~/Downloads> gpg --verify openSUSE-Leap-42.3-DVD-x86_64.iso.sha256
gpg: Signature made Fri 21 Jul 2017 11:10:34 BST using RSA key ID 3DBDC284
gpg: Good signature from “openSUSE Project Signing Key <firstname.lastname@example.org>” [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284