-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify debian-10-turnkey-phpbb_16.0-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-10-turnkey-phpbb_16.0-1_amd64.tar.gz b1482d380a5df337a3047ecb5fc1cbcc362c47c07821edb1c019b4347528a3b8 debian-10-turnkey-phpbb_16.0-1_amd64.tar.gz $ sha512sum debian-10-turnkey-phpbb_16.0-1_amd64.tar.gz ba9ac4700fb091d9fede25dc17aa981fb22589036ea9d3d88e6d963865a3ee45f83de6ebe5220a1f70ee9a7d39e8206a1aee6b62442d2c150b670f889464d0a9 debian-10-turnkey-phpbb_16.0-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-10-turnkey-phpbb_16.0-1_amd64.tar.gz.hash debian-10-turnkey-phpbb_16.0-1_amd64.tar.gz: OK $ sha512sum -c debian-10-turnkey-phpbb_16.0-1_amd64.tar.gz.hash debian-10-turnkey-phpbb_16.0-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl7KTa8ACgkQrF6wBJPl vBxxlQ/+JBb+8kyAdOge/+P1s8LH85DrV4cIlynT2BB2ynTnVJ2MwuuyBNhu7ucM LsJVg3dxQmHvgJu04kVvFQvUErMb6nL/DhuFHLjYvAfXZU+Gh9MccmACZy6eFNCP 77OzxBcfXFzpWUbmcZCbe11zNsr1tjVfdodjMT2zi9qM/7AAE/JjiPqFnkk/iiv/ k8OSVLFNeGFj51kuUata7+a1xmzevC8wCCOa66FS6ApsNMkDcvGjCspymXck/X6W YOH5GuWpU7+1q3LdVVy9rPQku9MYkhEaftlgmoqpgcwocBwSSDRjwOYhclrnfIlx nHaGxQ/o13qb9blS0tpHd5d2K5PuAI6UDkRUZPSevhVCcl658aRiezC55Qk5srcG 02uJMfjYLWNuvHiAUgZfZ3Dop9upDgk8H4rKi67OF2AQMCsTSz4TDt1eYZmCrTu9 +j84SNdh0qGee3/KQMp6/3O+omheiXkpOOv8oq+dxL0rDRA4PMzf2umRMwIYU3Rp YsLOu8tOL4jLybs+n5vj3UBm7ZuBlZZy4RUJTJJwUJi/Sa/Rnkufb76X1k14VvhZ hwPWP+5qhpSxGUtwMRelaU4W2+G42qDA0ZMT8xzSbuKMCAfbiyIhM9GSLhVhemAD Ch9gm61rCbBun8qU5sMVBHDnPxhinDnvkWrVBpvPQXsBm3RygzM= =xMIk -----END PGP SIGNATURE-----