Hello Everyone, Newbie here
As I have already downloaded the iso file and checked its integrity by verifying the downloaded iso with the checksum given on the website.
But as a Linuxmint user, there used to be two steps, integrity of the iso and authenticity of the checksum, but here I couldn't find the 2nd one. So need to know whether it is not necessary or there is some other way for the sha256sum.txt.gpg to verify.

Secondly, I need to verify my virtual box image as well for its authenticity. So how do I do that?

P.S. If you are using any jargon for the sake of explanation, please describe the same for me to understand better.
Thank You in Advance