You can use gpg on windows or macosx as well to verify the signed hashes.

As linked in the blog post in my other comment, tails explains things quite well:

https://tails.boum.org/download/index.en.html#verify