-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org
      pub   rsa4096 2020-02-05 [SC] [expires: 2040-01-31]
            A8B2 EF42 8781 9B03 D351  6CCA 7623 1C20 425E 9772
      uid           [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org>
      sub   rsa4096 2020-02-05 [S] [expires: 2040-01-31]
      
    $ gpg --verify turnkey-revision-control-16.1-buster-amd64-vmdk.zip.hash
      gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-revision-control-16.1-buster-amd64-vmdk.zip
      59f7186e0900a9b7beb687936fe4db1287abb11d4c572902dbcf6241c1244a0d  turnkey-revision-control-16.1-buster-amd64-vmdk.zip

    $ sha512sum turnkey-revision-control-16.1-buster-amd64-vmdk.zip
      08e1ce5e40012ccceee72f85fc3cad7beb5e791a77f75850e5aa70040d9e6b7acad153aa1b397b3b5f59795a0eeb0c86187922fca74f4e65b86fd0ac0ad0aa19  turnkey-revision-control-16.1-buster-amd64-vmdk.zip

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-revision-control-16.1-buster-amd64-vmdk.zip.hash
      turnkey-revision-control-16.1-buster-amd64-vmdk.zip: OK

    $ sha512sum -c turnkey-revision-control-16.1-buster-amd64-vmdk.zip.hash
      turnkey-revision-control-16.1-buster-amd64-vmdk.zip: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmCzPrkACgkQrF6wBJPl
vBzTzA/9EODkQQ20EwZSXWbWdEydmDzmEy9QhaxkX3YrdPkzqYk2v8/Fm4iqO1O6
GB3FZUX63Yzein17CNkDunMqZQ0FidGFOHbvRuJTbG3ZgM/RJY/RKF/In/1l+Rn+
U/GRCbcU65526GJpyBL/XHmELGGBU/JtzBba3KZ+prPpQiHUNvcr/7MkToCqZnNA
OPeEM7GA6e5u2PkPK2GXwm2a7Ov8LhIwB8splHaSfPohKGqmzmLhFQsfTve+ijPt
kMG0XPF7E5kkVExSeQK19NkTWl2XiZ70VFR0dnEmNXJio6qJ/MXPzNyh1u1wp09i
34qrFws19qrm1IfWtKTl+cfXTGVLZhjxA+3wvrGF6CUwf/b15Ruv0vt0LNz9uWpH
obCilaf4GLB+7ay84+Cq0U00ucK1XSv8kVBxcPZiDKwrTXoyVOO2Id3FCY0lDbZa
OymDKD24PUpUIpamtmOcpj23xTKmPqTZAmL9z0p9usMQM1GkYu/XzHUTviQr2Uxd
Iltotzc1fMgfwU7lOQxo6+brHglzAIJQdFDW47Fb83pjm4ilRiFH18DmyL+JhvUc
GzEkVhHmAATu+eO/LhJwBk9F5Lu/QwNXML/u1eMiOxbt3xDLKq7m7dRtq+hKbBos
NgkQz2XlQA0anLJjGIRDlyV+roD7cAxTE6Cb2Kniecc8Ys/roVU=
=F/iw
-----END PGP SIGNATURE-----