-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify turnkey-drupal9-16.1-buster-amd64-vmdk.zip.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-drupal9-16.1-buster-amd64-vmdk.zip 8f116cf869dccba22d7de53e98ed64569c03e55d4aaf6a96082c5c773dd5983d turnkey-drupal9-16.1-buster-amd64-vmdk.zip $ sha512sum turnkey-drupal9-16.1-buster-amd64-vmdk.zip bfc0f1e03e695fd9a7b2b52948eb1c2bc9bffd999774150b2a0a5ebbb4c596ee9edb183cc0fb2838ce1ed2378e21607f3b8029c11691990a31274d00cc93fb6f turnkey-drupal9-16.1-buster-amd64-vmdk.zip Note, you can compare hashes automatically:: $ sha256sum -c turnkey-drupal9-16.1-buster-amd64-vmdk.zip.hash turnkey-drupal9-16.1-buster-amd64-vmdk.zip: OK $ sha512sum -c turnkey-drupal9-16.1-buster-amd64-vmdk.zip.hash turnkey-drupal9-16.1-buster-amd64-vmdk.zip: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmA7b5YACgkQrF6wBJPl vBxwjRAAgDkYKTt83nGCSVU++upQo2lAoosIvH+T7OmMpHE//SNTDYHyBjOx/49X dQad+W0O1XAyQHwpjrZnB8EAge6CnEu5Rrevh0hvvRGtp0iwVTd8w6jfFkjIFIn3 Wc7C3wcJryv/C8P5PeXegEWed993JjoYydJ8Fd1DyVv4Z/53Z+4btyL/UNdO8eQ2 WpqUMwFD49N0qR8UKV/UCGY/qoSUKWhxSpt6DGbqkbIp2h8v8VsILANCnc++aJmw XEfOAV50Js7oto7367FEgdN3lcR4eOxxCdv/hGa9yZMth4AQtD1UgAcgIs0JsvvO KJUq/xzU/5GX1doCENiXqJC9Z7YFh1kX9dJdOXTXAzaNYS5XcZn25W6S07Tbovk7 16S0sPIyyS0ocyn5DGMeUYyOibX7oeAH/L3y+5kAClylk1oo+p5x1oGj53BQ15IM fKKJDtk1V9L9ojbBKlZSBofA9sQvEguemU7TeBIzKM31DA3XIpxo9WFzVSVm7k3d kG01FWnzt3w/a8ovBDzX/Xq/rSRT0+ikd+EsFcMBwn/0QprnTt0Udrry4Jla+ARs P4xYhcHCDSsfL29nKjO4JTcCnKuSK21tC9sN2Ah9atlQBGwVklj1WQvCQRgZS6kT LVBroXq/bSssLvtZEYuq5wHP+03Byc/XwcRbNXvk3QIfpc6FVVM= =BpfM -----END PGP SIGNATURE-----