-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-owncloud-15.1-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-owncloud-15.1-stretch-amd64.iso b5ee7b01ee291cc59b9d8af27de9406a8a52b475541ca099616db7490b238557 turnkey-owncloud-15.1-stretch-amd64.iso $ sha512sum turnkey-owncloud-15.1-stretch-amd64.iso f92595600f9f631c649aba12f0b7a366472b931026fbe34ddbd1d45856a5e22cec4d8d1e257c9556c2d402975ea79504b23a8fbec8b4b92ff147f1ff372caac2 turnkey-owncloud-15.1-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-owncloud-15.1-stretch-amd64.iso.hash turnkey-owncloud-15.1-stretch-amd64.iso: OK $ sha512sum -c turnkey-owncloud-15.1-stretch-amd64.iso.hash turnkey-owncloud-15.1-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlv/pjAACgkQhcJelaFu uU2A+ggApBjPTH8GKw79EebUykPzqGv6iXvmHz9X4VGhmCpm6ylVQ7jxGK0BzKPP XUNQZ687ZnlPnU9TfBRQHOhrCLy0wwlEku/KRIxLyZ1oJjmMlXzdBpYYgmmNFlmt EXLnRH9JKWm5HsL1otgPsGuggQThiB10i/Q3fcCRe4ohJQzVf5i0A2HXpGxDR4xH TzuJ7YRqq1B9P5GwzXjaLisZOmCjvCyyXfqQRnjMfJnGrG4PUbpPS9orfUjBmESe H0jfVXT6J1YHLANHgJcVDLJv2x/eDiHDtD617XAEVQQ9i7lq4pMnGp3d4em43/N7 y5JaYmSHXfZfJfXiqZBTKB9zBPOYEQ== =/XH4 -----END PGP SIGNATURE-----