-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-odoo-15.0-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-odoo-15.0-stretch-amd64.iso 450edc8f03f5e04a9a6f94fd6b745c4348b9a826c2bc7b3955407520d2f9c632 turnkey-odoo-15.0-stretch-amd64.iso $ sha512sum turnkey-odoo-15.0-stretch-amd64.iso f36ad445715392d34b01b8ed1c3b19afaaa19447f050f6fd015e06df32d68d051745e1d4248577bd06a2d9b38fe5a9037f29693a9cabb517ee2b53a74d48ff50 turnkey-odoo-15.0-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-odoo-15.0-stretch-amd64.iso.hash turnkey-odoo-15.0-stretch-amd64.iso: OK $ sha512sum -c turnkey-odoo-15.0-stretch-amd64.iso.hash turnkey-odoo-15.0-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAluD9TsACgkQhcJelaFu uU2pDQgAyHB4wjztYphei0kWQ6B8C7FmY3ZUmo2KM6rhVnvQSr/TeSnDDKEngeHe YozZa/juT3w2gRYJAI1YI/5G1Dc+iC7W+CmYaaR46zYPEP5tzVkabsRSQ/qXc+Lk ABPvUyqNVJpBwtI7NVL2+JQc6iPLWS/Rrxp6vpW89Seas+E+4JM6ckP2oR12BgJC 19Dlf3ZDVKrRst1YhfejSsDqgIvM/v8NAhOHjICPKbiyc531YdhubKJ0D57ZLr+b Afp0kchjsPxY56o0KDmzhiO0GN5iNpONgG4/QLgexujkTonV16M6sIiaDfQ14qwD UE5Pac8/rBIk9Fgm+VDYe+h5qxht4g== =vcrH -----END PGP SIGNATURE-----