-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-prestashop-14.2-jessie-amd64.ova.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-prestashop-14.2-jessie-amd64.ova 0a12817d35a328feb9043e6325404563e83cd0635bd290002a743ad3bedf6214 turnkey-prestashop-14.2-jessie-amd64.ova $ sha512sum turnkey-prestashop-14.2-jessie-amd64.ova 975b2dacaca8509e23fca132e01dc45ff8120712e969115afd8f1453a2e93d7214e78ed8c1b030e693975d4b45e5b5b811b2d33ebfb5560b80f973d6f23b6b24 turnkey-prestashop-14.2-jessie-amd64.ova Note, you can compare hashes automatically:: $ sha256sum -c turnkey-prestashop-14.2-jessie-amd64.ova.hash turnkey-prestashop-14.2-jessie-amd64.ova: OK $ sha512sum -c turnkey-prestashop-14.2-jessie-amd64.ova.hash turnkey-prestashop-14.2-jessie-amd64.ova: OK -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJZeIKlAAoJEIXCXpWhbrlNiN4IAK2h6FY3ciduVn/aji9/Ci7r CbteYZ1Jx0bIo9wj5mlCyHoHxsdpKqZS0YXjPG+mxCtRtGyjRGFde/oBxytQXg4V SsumHIcyUu2Rz2M6VEe1cUvAv4n8QIE7pcnn11xmLrhUuxemwJbKJ21UZCbQ6MK1 Z60GwcoXDHpcmqo0G7sX+nw94Ro56/m+dnvvYAjnSnITILjqLw4wE6dSaPgkFM/7 QexcrkqvpMFV1NTgRHAMeLH87KVqHI/FYV+C9oS4SHFWrhYufirz+XC/85gZcbYY qx2frKp/8LkKnpHdTc+9qoO/aJy3UBldOiHKDJ7wfnqggDKEGDMAGlIsXq1bO1I= =C/sm -----END PGP SIGNATURE-----