It is likely easiest to simply copy the files to your Desktop so you can view them easily. Then it takes a second using a terminal to change to Desktop. Open it and enter cd Desktop and now the terminal will use files on the Desktop. Also, when you copy the signature you can shorten the filename and call it whatever you want. I paste the signature into a new document on the Desktop and simply call it sig.
1. cd Desktop #now terminal uses Desktop files
2. gpg --verify sig ElectronCash-3.1.2.tar.gz
What gpg will do is to grab the sig file (you can use the full long name if you want to), the ElectronCash-3.1.2.tar.gz package, and the PUBLIC KEY for jonaldkey2.asc as a verification tool. Only the jonaldkey2 private key can create a signature to verify the ElectronCash program. This is a sure fire way to verify keys. Many folks make the mistake of using Sha256 checksums but that is a miserably weaker process than the one I just described. I teach this process to newbie's elsewhere. You will have NO access to the private key of jonaldkey2, but the circulated public key allows us to use it for absolute sig verification. Lastly, it is IMPERATIVE that you confirm the key fingerprints of the public keys you verify to establish that you have the ACTUAL public key and not an imposter. Simple and completely accurate. If you have any issues let one of us know, we are here to help you be safe.
How to verify fingerprint in this case:
gpg --fingerprint Jonald Fyookball
pub 2048D/EFF1DDE1 2017-11-09
Key fingerprint = D56C 110F 4555 F371 AEEF CB25 4FD0 6489 EFF1 DDE1
uid [ full ] Jonald Fyookball <
jonf@electroncash.org>
sub 2048g/5458173D 2017-11-09
# note: no expiration of this key so its permanent unless the owner uses a revocation key, which only they would have. My keys don't expire either, but many users assign expirations. Personal choice.