-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-ansible-14.2-jessie-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-ansible-14.2-jessie-amd64.iso f096cfac51cd7ab8b20a7ca06db4d1bcc2be4badf111878926318b9b2de23c56 turnkey-ansible-14.2-jessie-amd64.iso $ sha512sum turnkey-ansible-14.2-jessie-amd64.iso f7ce98591d16d5a9cadb7a0131e2476424753f536c3e45712aca194c62d9756d96a630d19bfcc3c52c030c17de920a25d0e4b6561fe1e78b520b92b46b739e5a turnkey-ansible-14.2-jessie-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-ansible-14.2-jessie-amd64.iso.hash turnkey-ansible-14.2-jessie-amd64.iso: OK $ sha512sum -c turnkey-ansible-14.2-jessie-amd64.iso.hash turnkey-ansible-14.2-jessie-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJZiFmFAAoJEIXCXpWhbrlN84oH/2QW9BCpozgj9TL9dSOsX/lg berp97npJNMoywoUr6A8vR4tPrBIFzkcQZOZC+CZmrhhFvWQb4OpAWBjDa8/Bv+O Fzlj9QMs0GwCyIHH37clrFjXgrX5uRUZOUyIkNWE6rXMehz4lSfmR0u2TmIqGQFm ysna7xLsVt2dRQQqPt08L6rIORcKKiIXW9I2ZA5nIeBnV25IaicIZ+zrWuvSWQWR 0/dtQ0ta97X+4yxuEJ/sTs6oBTYRd+gKoYm0iSsFMh8UQ4lPlpDYxBB17ATLcUrD 4to0hjDuManGFTHZKmn/wsMxlj+EptGDpDHta91oPfOIXvdzA7CKmeXKpCPZ8zQ= =qEv5 -----END PGP SIGNATURE-----