-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-magento-15.0-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-magento-15.0-stretch-amd64.iso a25eed574c47e608c58b3b4c3b82bf6a9b95a2b4c2ee7cead7afbe1f10567641 turnkey-magento-15.0-stretch-amd64.iso $ sha512sum turnkey-magento-15.0-stretch-amd64.iso bdccb31252031e81f2705ad66d8c735500e79efa491356f623ea966082b603e3e57357a5c13ff42fa87b6ab0183e9395ed1e38150181d46e1715c3878e6a834a turnkey-magento-15.0-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-magento-15.0-stretch-amd64.iso.hash turnkey-magento-15.0-stretch-amd64.iso: OK $ sha512sum -c turnkey-magento-15.0-stretch-amd64.iso.hash turnkey-magento-15.0-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAltMlToACgkQhcJelaFu uU3q/wgA7O4LKfhkYrgNefDxQ6+LODDAIeciYaRuHEylxFWnFa9izM84qoDFop68 gDOXJi2yqYpr03zCMKaJNE7PINuSsvC4ZNe3NkSI1o8/Jou9RP2edLSWQBv1Uf9W 6T9WcEcarhMgp0b01d9oHNYWi8CpvkDFTEs+lNGpvToceFbKkKTHI5/BO3Lg7tDG l5evNdtUuuWxS0ERszvpn47AYVl58cXcHUgWD1xS6HighSOasggEUiFTU3pABufC XfffyaprybZKUqFC1NT4M6oYnNFjSNowc6PrddrjybVfSl0auhXT8vHiztrtQ2uQ dtmeHjgotbgOe44BGJpSQ/6SQW6MyA== =Xb21 -----END PGP SIGNATURE-----