-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org
      pub   rsa4096 2020-02-05 [SC] [expires: 2040-01-31]
            A8B2 EF42 8781 9B03 D351  6CCA 7623 1C20 425E 9772
      uid           [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org>
      sub   rsa4096 2020-02-05 [S] [expires: 2040-01-31]
      
    $ gpg --verify debian-10-turnkey-vanilla_16.0-1_amd64.tar.gz.hash
      gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-10-turnkey-vanilla_16.0-1_amd64.tar.gz
      10ce7a9c3bc39df1ec79d75959ae3bf9e726b1cff65576011dbae4a31fbe52c9  debian-10-turnkey-vanilla_16.0-1_amd64.tar.gz

    $ sha512sum debian-10-turnkey-vanilla_16.0-1_amd64.tar.gz
      59396226d00d81a89f87bbf5e9b8e19cb7b702219feceb3ecac2bbc0dece45fb05362b3558d35a7a5bff61ff557165eb7230853dc74847953217073ce922a79b  debian-10-turnkey-vanilla_16.0-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-10-turnkey-vanilla_16.0-1_amd64.tar.gz.hash
      debian-10-turnkey-vanilla_16.0-1_amd64.tar.gz: OK

    $ sha512sum -c debian-10-turnkey-vanilla_16.0-1_amd64.tar.gz.hash
      debian-10-turnkey-vanilla_16.0-1_amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl7vE5MACgkQrF6wBJPl
vBwF3hAAztMW2VAgRA/ZlhTigJJtIvq8ABXnP42o5U18h3Aek3+nWVqXW4UUZ1U6
yh70IBFJ3z+Ol8T7OaNOdaduzzkUUs8eGRJl3v4g7HnHCShWuzPrvkHOaw5dK1Js
3ni62K5kaU4TxVEgR/tTUhCtk3IAIEDG6+s7xTkHVYNp/mHmuLluCoMn4GcyPejt
odDYBuZ2UFMaBVt0T3gIv97SRXUJFGXfTs10JYEcKH2SB/CUbykNctKzsZ6KyYKU
6+NSBSZUCRI/wmjEPalJQB7qjACNPK9HaV4/ANvdvsFf9VqIv0q9niFzGamwqEVe
ikABs8b4SPGu9+Mk2dCy/G67Fq1t6gVGWdbT++kCiqf8t01lA0+qbHSGyTswuqSi
SitC95CaKGeVt/Tr4HvYLnmY8l0hO9kYjMjqyPZjhp4rT1ziVcTGwERPGTPp7wRP
G/DT9Ws9RO3ywK0jpJF+nZUjzJu23GziFInuWA+UIyboh4qwztBMvaiJGDihrs4v
aXXQFttsyq6aubxSu95e4U2hXrVGCnSq00vWDe4K/1bIRcV/mK46j2hG5TAWOBAP
8YPv9rlA6W1B2PQ02LJ9qXQ/Ka8nomuLcqr90dg9DE5+5gcOxvIFW/i8d7JJHC/s
pE+AfARifX6Xjr/MgBXhv2Bp4pJbt/JZMu8bKpwbgYzgB7HOAbI=
=K31V
-----END PGP SIGNATURE-----