so I'm trying to verify tail's ISO, i am getting this messsage, it seems different from the one on tail's website
Not enough information to check signature validity. Signed on 2015-06-29 12:07 with unknown certificate 0xA5091F72... The validity of the signature cannot be verified.
does it seem alright, or i have downloaded a fake ISO?
You need to certify the Tails signing key with your own key:
(If you do not have your own PGP key, then create one first before proceeding.)
Start Kleopatra.
Select "All Certificates" from the drop down on the right hand side of the "Find" text entry area.
Under "Name" there should be a key listed as "Tails developers (offline long-term identity key)".
Right click on that key and select "Certificate Details".
Make sure the key fingerprint is as follows
Key fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F
Once you have verified the key fingerprint, right click on the key again and select "Certify Certificate".
Check mark the Tails key.
Check mark "I have verified the fingerprint".
Hit Next.
Select which of your keys you want to sign it with.
Select "Certify for myself".
Hit "Certify".
Enter the passphrase for your key.
Hit Finish.
Right click on the Tails key again and select "Change Owner Trust".
Select "I believe checks are very accurate".
Hit File on the top menu bar and select "Decrypt/Verify Files".
Drill down to the directory where both the Tails ISO and the Tails ISO signature (.sig) files are located.
Select either one.
Hit "Decrypt/Verify".
You should get a green "Signature is valid" message.
(Because of a bug in Kleopatra, it will still say "unknown certificate": https://bugs.kde.org/show_bug.cgi?id=287145)