-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify debian-10-turnkey-openldap_16.0-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-10-turnkey-openldap_16.0-1_amd64.tar.gz 69384d4bc93d8df655b4e82f323884c963c6c6464103fd84af50bfa80aeae59f debian-10-turnkey-openldap_16.0-1_amd64.tar.gz $ sha512sum debian-10-turnkey-openldap_16.0-1_amd64.tar.gz 2ef19da4b0f365071d5aee054a74627d36e7a3ca0fa6df7c90f51fa6821def69eba328282aafed91bca58561e67d95e0b3c3abe21ba11a688ab230bb398698f6 debian-10-turnkey-openldap_16.0-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-10-turnkey-openldap_16.0-1_amd64.tar.gz.hash debian-10-turnkey-openldap_16.0-1_amd64.tar.gz: OK $ sha512sum -c debian-10-turnkey-openldap_16.0-1_amd64.tar.gz.hash debian-10-turnkey-openldap_16.0-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl8Bl5UACgkQrF6wBJPl vBxl7Q//XlpFcgl2rcvdT+skJeUOrvWcb6jB72xpVgfY6H0RopeOPSlQU0XJDxGi N0DnkgNbAvSvQvtPzdG2ehE+cd/R1PwWvmwFWUwtiQxIEMerXktIcsRqZqUdGDQA EUn+9p/rQ6UtdX/0Qpzym019R48mKRTmEylBTuOtVIhBrorNA8fUk7ajCzlokxXJ egSBsw65vfYad8JtrZcjdqx5oZCZxutRLO4sFS7GWzWiYaGucXKEQJhWh9AVyKWr ARffaLCtp5AJChsVslJUt2S3Uy5p2Rhq2VsQ9LUvAz7YShgGQ3kMTW5FUTUl4Zua 0CNTD+G5ExTTq5kP7/J4oDJ8ltFkjpVMLXdTnTGh271jdzLFu1FdYU9jVrJIwck1 1iqRp1JwG7bGa7ebYPpqu00BOcOCdS+MiIrZdeTVCw5//jGzIWpS6pncIbbW5z9d h0186mFP3WKisebW7J72dxpobxqmFwAksbHLSbWZ9yiXWCxZP1anKWdGrkuDAEiq 2pWMGa8tIg6UFzQosrhyfN+pkZ+/28UNxemKfLgq4DItEdcnVs9RB311EvGqr5qD fON+vpHwb71llsDh0zG7jW/SP6pHq9j9aE2DYGmaUUV9QGVHBVkY3lZxJfCygPGe kUad6BjWYgXWNdJpbtMbV/mJddwWZ/4M2JFI9E9Wk35L7vQxSqw= =3zIq -----END PGP SIGNATURE-----