-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify debian-10-turnkey-snipe-it_16.0-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-10-turnkey-snipe-it_16.0-1_amd64.tar.gz 1c2c86f5d9e64166696cafb28749872cf4ab9cd0a36c449256a3a61e8ad7d63e debian-10-turnkey-snipe-it_16.0-1_amd64.tar.gz $ sha512sum debian-10-turnkey-snipe-it_16.0-1_amd64.tar.gz 7f992683d8360398ce61ca2ba20ced778acc7a5402d54cfa383b368dcb87793c8db5a99c219ff280d92f207b8710df0c012e06dda3850135ac45bec74ecdbbf6 debian-10-turnkey-snipe-it_16.0-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-10-turnkey-snipe-it_16.0-1_amd64.tar.gz.hash debian-10-turnkey-snipe-it_16.0-1_amd64.tar.gz: OK $ sha512sum -c debian-10-turnkey-snipe-it_16.0-1_amd64.tar.gz.hash debian-10-turnkey-snipe-it_16.0-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl/YwaQACgkQrF6wBJPl vBxyfhAAicVD2RjuFTaUqqvFWg5rxYKvuK1djmppp+tX9+esOwuYx6fpUrpzAWuJ vmzhQZ56j6mpAHZ1IgyVX1vatrPayTw0Bsq/sW2Wo1ScvLoL89kEedM2l0QMY/pB 6S3pe0781Q8BNA5KRgQHsuSASl5R+fhMGW2qq+H2VUiliAVyxyoZfagJ9wpwiwcE 7GVy3Jblc6+tLCg5fg77YtDkMhaj3HEJI1GsPBOEmFpZe+q8qaw9jtP6lixt1O/E fNLBDZiK5/2H7yZFm4NuIuFpvGNVbXITyTVYjH4VTfKSd6CFPZFAhGwIU19Ob8tk 83HPa+P9A0PJF+KXP8OGkh/wtgb/CypML4etQ6tyh29iRInuURdE03/TMXJGxpcW uBhD0yuiXY3WMTpIlvWGoYifflXsFJAPpGf/mS1MnNCvVXa7ktuKoMPfR8wUZEbZ /gFgCdoFPugd0rfdS4/fqNGcNKGjQxl8fGma9qpzGYVDw4ksK2UeDWm911J3D9Vu 1dINOgs/S9s66R/LqXFF5FokuDV5sMk6FvpRmEC/9a1ZtKrZydgdIzyeUDB+qA5x Aw8uo7Q89EFYoR354g7oxh2Geabw6KEHhYLrqc+maagnj0NO2ggdbIHWtSQ6+UPa BwZ9xOnzUDT/7PXfLJQgYHf8Fjc84BBJ13U5zJ0ls7JEATiEg84= =w+ij -----END PGP SIGNATURE-----