-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-wordpress-15.1-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-wordpress-15.1-stretch-amd64.iso 712e5c698295aaffa9f297d405b0617f6131e94b79b4c885252d751eac098895 turnkey-wordpress-15.1-stretch-amd64.iso $ sha512sum turnkey-wordpress-15.1-stretch-amd64.iso 23e61954d570876cd3c1b42f8e63365aa74571311917375151f3ef24c2b019a616d60cd5172dfc8caecf5dcb7562207cda70a6b9be5b57cbeadab9dc0c7ab2ee turnkey-wordpress-15.1-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-wordpress-15.1-stretch-amd64.iso.hash turnkey-wordpress-15.1-stretch-amd64.iso: OK $ sha512sum -c turnkey-wordpress-15.1-stretch-amd64.iso.hash turnkey-wordpress-15.1-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlvITP4ACgkQhcJelaFu uU0kFggA2JyCV12yE44dETj83kiOgbZRQ8laGEQdAY58vYK96UnB26oT6FxZe3Qu yUgKCkdGEMbfDRcUQyzDC+wdrwDq6NLUArxlO354Vmi7YYnR59KQd7XPsq3D8Sjn gCZnM7OPdATo8jPuSKjYIPXOxevD0Ub9HFYugnE3tp+tiG7P4WwEQapLelXlPr/b TM+q+UiAI9BmPjSPr9p+xsJX+HDfo7O71gX+DlkPSDoZZUZClbsjEtKp2F/L7iYU VixTkR6JBNLrB5bEF8dZAgZsMtMLH29fGTXAQLJISN3PUd3p9FtYN5SzXcR0ETXz fUBWpizqHxJ4C35K/ztCq4QnqJg5+g== =BCXz -----END PGP SIGNATURE-----