-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release@turnkeylinux.com
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
            Key fingerprint = 694C FF26 795A 29BA E07B  4EB5 85C2 5E95 A16E B94D
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-zurmo-15.0-stretch-amd64.ova.hash
      gpg: Signature made using RSA key ID A16EB94D
      gpg: Good signature from "Turnkey Linux Release Key <release@turnkeylinux.com>"

    For extra credit you can validate the key's authenticity at:

      https://keybase.io/turnkeylinux

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-zurmo-15.0-stretch-amd64.ova
      bd2419f2c4f2c781c1e8e88767064c1767e5cd31dc6be693b69ffd0670772b7e  turnkey-zurmo-15.0-stretch-amd64.ova

    $ sha512sum turnkey-zurmo-15.0-stretch-amd64.ova
      99ab28f47d6e8be0e9e33538de55a8483cf6d1ea0a0707b7a6a1cb25b3d2ed64fcf56302b21b33be60e916ed9c8879263954886a361b8d3b99a043c24eb1b8d3  turnkey-zurmo-15.0-stretch-amd64.ova

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-zurmo-15.0-stretch-amd64.ova.hash
      turnkey-zurmo-15.0-stretch-amd64.ova: OK

    $ sha512sum -c turnkey-zurmo-15.0-stretch-amd64.ova.hash
      turnkey-zurmo-15.0-stretch-amd64.ova: OK

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlte13QACgkQhcJelaFu
uU0N+AgA5S1B7nw9UR+mCJOaLGVvB6zsa3z4xT+w33ejvV11qH9TGETTvs8bNnXO
V8titycNBIZmMzRpmIKsic05Z1HOYrSupkC7Mi6gbr0twoq4NWceDAQlPSX1ropp
CBwLpcyU7wOu0sRnzBJHyCAjb2P2fk4egpboAqLpINGxds6cVkoY0xQAG+FFZLL/
eJqvt3kZE5V5Fb9HLqxd0HrjTiMuudfP7UD+8zYuAJQmhLeiD+nmzO99XLqyudAp
bgYEH8XgL8XF7uAizreHgNFiTs/LkyWwhOpc+Qijdtn7+gWqh+9W9O011haRVas4
OWfKySlQLZgORaXhEI50jLbZhQDJ9w==
=n6R5
-----END PGP SIGNATURE-----