I scrolled down about 20 pages through this tutorial regarding creating a Key Pair. I think this tutorial is way overkill for my needs. Permit me to "cut to the chase" on some basics to confirm that I'm in the ballpark:

1. From bitcoincore.org I downloaded: a. the Win exe. program for the latest iteration, 27.1, b. SHA256 binary hashes. This hash file has extension .asc and, opening with Notepad ++, I could copy/paste the exact line of binary hashes pertaining to my OS from the .exe program, b. I then used the Command Prompt  and navigated to the .exe and entered: This output a binary hash string. I then compared it with the first hash, they matched, so I know I have clearance to install the .exe   Correct so far?
2. Many people probably stop here and do the install w/o signature verification. However, I will attempt signature verification using the advice here. If I'm not successful, I'll probably do the install.
3. My understanding of signature verification: It could be that the binary hashes were hacked, so now I need to authenticate the binary hashes. To start that process, I first downloaded from the Core site the SHA256 hash signatures. Now, using kleopatra.exe I need to associate that with at least one developer's signature either from a keysaver URL or from a file download, either of which can be executed from the PGP program.

Other members hear have given links that I'll try for this purpose. Basically, I want to know, am I on the right track?