-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify debian-10-turnkey-zencart_16.0-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-10-turnkey-zencart_16.0-1_amd64.tar.gz aef3a99ba97699cced508b907ba9c2022d0751632357f058e8b5ea99cca229b4 debian-10-turnkey-zencart_16.0-1_amd64.tar.gz $ sha512sum debian-10-turnkey-zencart_16.0-1_amd64.tar.gz ef09e1efa65b8c5ce0b78e88826ef13c4f39d8cd8f5ac8ddd994491e633b018aebf3ec4a9394b7f27c4704bff52331f45f7d8f7b67d26806444aa6036c191f05 debian-10-turnkey-zencart_16.0-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-10-turnkey-zencart_16.0-1_amd64.tar.gz.hash debian-10-turnkey-zencart_16.0-1_amd64.tar.gz: OK $ sha512sum -c debian-10-turnkey-zencart_16.0-1_amd64.tar.gz.hash debian-10-turnkey-zencart_16.0-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl8UCgAACgkQrF6wBJPl vBwZrhAAnTjHBAzdeiuulEuyYBNhIabV65mFB3X4KdSB0ikv2Mw2MKbksi6ubMgA 65O2mwkErg1khkz7hyAtmKNRsuWDVr5p/OwruTmH2hSMZQ8v9zpRAEfjZQOedXtu qUXARHKxccu+aBy1p/P+qSqe2gQAE13ieWhATm1l5TmjvfMQWeo9HMvNFMISQu/0 WL5GUpVDuV2rr3QiT6AP8P6e8kbpZzkRbkj+4Ohea1sfoB97SOCX94Xhfd+BWefm /Rm53WrlkDtNTYlNA+aVnmJuofXAufAhozVrdKCYDtHPQLkit8IY1273CQuUD4G9 7bYYsoBtrxbYciPXowOEnrbnyK1gsEjxkNFPYKDwBZkjJpqRV2PbmMMyUJs8To5d xu6PDnmNKeAVtIf4rhNudLvl6TUnYf6l0hGnQXRozimtggeL/ZwY4xYDnuu/0TbG SzYddgi26ZbjxuO+7DWJ4NEr9HWtLLwe+SMaUihZkaBZCz5+fp4UHHTtNCSUkn4O vsadd9lWhm4q30IeEMCzswVWqU3juGusW5zPnvCvyoPOMYhxXCaYD+H/aRObYYN4 KhJk2OBIVma5Z3RALJEap2UjKQFzvW7NzoyVGlCiWlzRzBcjME+3yEuXSnfoEIQk dtL/BZXIudQQGr8bJ8O37NZxxepYdscVFeCUxDkDgXUcndr7bj4= =21nH -----END PGP SIGNATURE-----