-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify debian-10-turnkey-snipe-it_16.1-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-10-turnkey-snipe-it_16.1-1_amd64.tar.gz 490507fdb35f56022d12b8768bce45f872fede6ebf22668c885bebb9144eefdb debian-10-turnkey-snipe-it_16.1-1_amd64.tar.gz $ sha512sum debian-10-turnkey-snipe-it_16.1-1_amd64.tar.gz 22855a4d38f167a901f3fc6b8c715aeb3eef01bf4ee102dc789ea4a19741ef66cbc3506894dcd40c2d93f7c2efa1a544dc43f69b0b2a3ad92ca231973b19594d debian-10-turnkey-snipe-it_16.1-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-10-turnkey-snipe-it_16.1-1_amd64.tar.gz.hash debian-10-turnkey-snipe-it_16.1-1_amd64.tar.gz: OK $ sha512sum -c debian-10-turnkey-snipe-it_16.1-1_amd64.tar.gz.hash debian-10-turnkey-snipe-it_16.1-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmCOURUACgkQrF6wBJPl vBzKZA/9EwZ2B7nJcKdY8b9h8ULK32g93Pmc6DwdA5nsTt3cOm1SeJufWK2/kkUN 8QI6RgZuXlC/JyYez8mrs3mTiVb3tIxk72YbcybsI7dF7URCdrq5PiRzOzr8pOyf Tq7GK7Rm1yAEYO1OSulbrXywK9fnk7H58KeLz7Ptea7dgrYKnV0CIyTy1bA0Z5fd dS0+QCMEat4uN5OQOdho392tBN4g5ZESOXBLVzUDdDPQ2vRVpCNyYvbgdejj4or+ C0zbUnbZDRS8s59UlH8A3Elt1bSiq9IlMVs7FokC3YWBjWR+1YN7QMsx//cBcxeJ EDOipW2s5CMUMIKrQnmQIaaqSMI81bTICu1QGBnZUAit3RvRTI12srL+EWepIQWQ FDMwKkcp+5NXWqXB2D2ntOLaFIDmH3mvX50fnlrQdkzzGsbACXWhVoUvZZiXohAT eNgFCfI8LmjneuXsLq3NLkJFN+S09e7EFvCWdQ8/YJB2elj0hueCwoBc/aPC5jbS gKyUU9dftQNxcASiMgnKQmOLi5VvkelHnEabgX6i5lWVTXJVsWE1FhIwsRfxyXA8 CMLjkbTFUHmAE0VpF15Vr0YXxvJEpR7VY1yOyCxn0acRtpXfQ+DqNA2nK3uNKAg1 sTAOOXhZV21VlxgBZpNZw62bEQOqwtnW3L/J2uITyCgcDT6/WHM= =ROUu -----END PGP SIGNATURE-----