-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla3-15.1-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-joomla3-15.1-stretch-amd64.iso a6007074c78e68257cefe744ad224ef2267a0e88d12b62e4bcd31bb7bf0686b9 turnkey-joomla3-15.1-stretch-amd64.iso $ sha512sum turnkey-joomla3-15.1-stretch-amd64.iso 3e8b8f07fff40fded1d900e34fd781dae26a19962ab5eb6a4b3032bceef8959c72ae57131f270f8b1c9f6e3f7d66574fd8141363268249b8e2cb9889b5fcd893 turnkey-joomla3-15.1-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-joomla3-15.1-stretch-amd64.iso.hash turnkey-joomla3-15.1-stretch-amd64.iso: OK $ sha512sum -c turnkey-joomla3-15.1-stretch-amd64.iso.hash turnkey-joomla3-15.1-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlvITPUACgkQhcJelaFu uU18BggAzOOoyjERe7MX/B2Od2k+CONPAK4ZynGoHVck74dtucUQyCghRCVFFVUJ UldeTABstRFhT6sgU+DDlR6VN2/lGOewNIOFEQ/Fs0EGyHhjL650ulSnCq954bQa avkczsIMxSk8fg4kNJ8PIIO+Jbknw7V7EER7VGmu/m3acUnWFcjnoQu73bQdhISw H0Cih14ThrGtBPmDyVhbUNznEdL1G41sQvYlj9E0tTGGJ1FkICMCZmhPoMry1MPc gzAnIgr82RvKBYOhfdAzFyVZw6N8F1Z7EE4Cr6SeXEGFbJm6ocs02gQVdxLUFl7V 1l5q4ISXXFQzjpT8oCz2LSEh6eR0kA== =Ovj3 -----END PGP SIGNATURE-----