Friday, February 21, 2020

The most important reason for checking the integrity of ISOs before using them

revised 3/3/20

Probably the most important reason for checking the integrity of a Linux ISO before using it is to be certain that the encryption software contained in it is the official version, and not some hacker's version with a backdoor. To check it, first find the reference sha256 checksum on a trustworthy site (either the official site or Distrowatch, which lists the checksums for all of a distribution's "point" releases, such as Ubuntu 18.04.3, and not just the latest one).

Then calculate the sha256 checksum for your copy of the ISO (which you might have downloaded, or made from a DVD, which various Linux and Windows DVD-burner programs can do). The command for calculating an ISO's checksum is "sha256sum <path>/filename.iso". To get the ISO's path, right-click on the file and select Properties in the menu which appears; a window will open which contains various information, including the path and the file's name. To copy the path, either highlight it and hit Ctrl-C, or right-click on it and select "copy" in the menu which appears. To paste something into the terminal, use Ctrl-Shift-V.
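The comparison itself is easy to get wrong by eye, so here it is as a small shell function. This is an added example, not part of the original post; the function name verify_iso and its return codes are made up for illustration. It accepts either a checksum pasted from the reference site or a downloaded checksum list in sha256sum's own format.

```bash
# verify_iso FILE REFERENCE   (hypothetical helper, added for illustration)
#   REFERENCE is either a 64-hex-digit SHA-256 value pasted from the official
#   site, or the path to a checksum list in sha256sum format
#   ("<hash>  <name>" or "<hash> *<name>", one entry per line).
#   Returns 0 on match, 1 on mismatch, 2 if the reference is unusable.
#   Limitation: file names containing spaces are not looked up correctly.
verify_iso() {
    local iso="$1" ref="$2" expected actual name
    [ -r "$iso" ] || { echo "cannot read $iso" >&2; return 2; }
    if [ -f "$ref" ]; then
        # Pick the entry whose file name equals the ISO's base name.
        name=$(basename -- "$iso")
        expected=$(awk -v n="$name" \
            '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$ref")
        [ -n "$expected" ] || { echo "no entry for $name in $ref" >&2; return 2; }
    else
        expected="$ref"
    fi
    # Normalise: lower-case, and strip whitespace picked up while copy-pasting.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    # Refuse anything that is not exactly 64 hex digits, such as an MD5 value
    # or a truncated paste, instead of reporting a misleading mismatch.
    case "$expected" in
        *[!0-9a-f]*) echo "reference is not hexadecimal" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "reference is not a SHA-256 value" >&2; return 2; }
    actual=$(sha256sum -- "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $iso matches the reference checksum"
        return 0
    fi
    echo "MISMATCH: $iso" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}
```

Paste the function into a terminal, then call it with the ISO's path and either the reference checksum or the downloaded checksum file as the second argument.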

If the checksums agree, you at least know that your ISO is the official version, although this still isn't an absolute guarantee that there aren't any backdoors into the encrypted partitions which you create with it. The only way to be certain would be to analyze the code, which is out of the question for most people. You might assume that there couldn't be a backdoor due to the threat of some whiz-kid programmer analyzing the source code and blowing the whistle if he or she finds something, but that's just wishful thinking. So, using encryption software is ultimately a gamble that it's not a means of luring us into a false sense of security so that Big Brother can snatch our encrypted drives and access our secrets. (He would have to physically take the drives in order to access the data if you normally open them only on an air-gap system.)

To be on the safe side, I use the slow-format method to format new flash drives, which erases everything on the drive before formatting it, to ensure that there's nothing on them which could compromise security. (The drive's firmware, which is a sort of "BIOS" for the drive, might contain viruses, such as Stuxnet, but supposedly no such viruses have actually been deployed in the wild, and I haven't seen any indications that they can create backdoors into LUKS partitions, although to be on the safe side, open them only on an air-gap system to ensure that the data, when in unencrypted form, can't be sent out over the internet by some virus.)

By the way, the latest version of the Disks program (a.k.a. gnome-disk-utility) as of this writing has apparently undergone a major revision, and it can create LUKS partitions in free space, instead of having to create FAT partitions and then reformat them as LUKS partitions.

Keep track of which installation was used for creating each encrypted partition, pay attention to news of any vulnerabilities which might compromise the security of your data, and reformat any affected drives.

Use long passwords which are easy to remember but impossible to guess, with upper and lower case letters, numbers, and symbols. Store a copy in a safe place other than the encrypted flash drive itself, such as in a list of all passwords you have ever used, in case you ever need an old password which you've forgotten. When you are certain that you have memorized the password, destroy the physical copy. Don't leave your flash drives lying around unattended, and get into the habit of locking your PC's screen whenever you leave the room.