-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-moodle-15.2-stretch-amd64.ova.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-moodle-15.2-stretch-amd64.ova 11c69c547988bcc38f5465a8fe0075d89980c518138755f2e9ea620e6f23c4e7 turnkey-moodle-15.2-stretch-amd64.ova $ sha512sum turnkey-moodle-15.2-stretch-amd64.ova 7c9d89bda3959982c52e2757db7a8211c80e5e293d6c532d89e291d7e1a398fe9ff16093370b86c3dfba4e612a30d6e6d8e1912f89cff452ea2e239ae6a81208 turnkey-moodle-15.2-stretch-amd64.ova Note, you can compare hashes automatically:: $ sha256sum -c turnkey-moodle-15.2-stretch-amd64.ova.hash turnkey-moodle-15.2-stretch-amd64.ova: OK $ sha512sum -c turnkey-moodle-15.2-stretch-amd64.ova.hash turnkey-moodle-15.2-stretch-amd64.ova: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAl0THAIACgkQhcJelaFu uU060gf/QFDLAXmfjvsBP8/VIf8c4pdsZqHx6r7waULB7ozGsKyRfFbCuYsX44Ry fngfhJDG4BGHlUgxPWOIIWmdXpIFl6ysnwjCNa7NVrAYlKxBSnUm6wQFkYUEaPcr YF9Fzf5Qdqg59A0AXG+eEe598OJXQRZP7CHFzgHMZS0vIGK96LT2EM2ldF5Wb7cV NCmD89rbn15AHAFNvubxONRElYbdv0Etlvgodorsy48tmXSu7aPojGkpRwl3F6qr nQYvVnypryIZ7kf2fW1sZKQt70zPBVTi23VaYK7a9A7zgmqoEY5M3VNIDmY9VdKC vUaQ85euhDdieaRptvJT8WMZvtBwqw== =g4uo -----END PGP SIGNATURE-----