where can I find PGP signatures and signing keys for Ubuntu? I want to verify the download, but the only thing I can find are the MD5 hashes (https://help.ubuntu.com/community/UbuntuHashes).
I can't imagine that Ubuntu doesn't offer a way to check the integrity of an ISO image.
There are MD5, SHA and SHA256 SUMS, gpg files, and ISO images here http://releases.ubuntu.com/14.04/
I finally solved what was causing these problems:
After I figured out I had to save the SHA256SUMS as a file/text file and the .GPG as a .GPG/.SIG file, GPG4Win gave out an error message when trying to verify the GPG signature, saying that the signature was invalid. This problem is caused by missing line breaks when copying the SHA256SUMS into the editor and save it as a text file (only visible when the editor window is maximized). When I save the SHA256SUMS web site (http://releases.ubuntu.com/trusty/SHA256SUMS) as a file/text file, the line breaks stay in the correct format. When verifying the text file and the signature, I finally get the green message saying that the signature is valid.
Thank you for your help.