-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-redmine-14.2-jessie-amd64-vmdk.zip.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-redmine-14.2-jessie-amd64-vmdk.zip d42d8bd1be4b317b2ddd935674ace04f15fcd36f1036234607dd1a7ab78e3790 turnkey-redmine-14.2-jessie-amd64-vmdk.zip $ sha512sum turnkey-redmine-14.2-jessie-amd64-vmdk.zip 3b774a754f8afaea0e15cf4f9a60a0f955ffd8c34002f009735a5a5c50aa90d11cf37ae207834e864af0fb0765de90d93178b45b4fef7f245a85e54871c651f7 turnkey-redmine-14.2-jessie-amd64-vmdk.zip Note, you can compare hashes automatically:: $ sha256sum -c turnkey-redmine-14.2-jessie-amd64-vmdk.zip.hash turnkey-redmine-14.2-jessie-amd64-vmdk.zip: OK $ sha512sum -c turnkey-redmine-14.2-jessie-amd64-vmdk.zip.hash turnkey-redmine-14.2-jessie-amd64-vmdk.zip: OK -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJZeIKlAAoJEIXCXpWhbrlNyykH/ji59PgbQ7GLUsMgDle7b5Ny 57IXs8XMv7FCM8pQnUpFgVc51Gutqh2iK4Oq9WIpBe5n96xZkaxBYbRieBq7L/Mh lw91XSpelf3eyBweY+AD9uUEHg0BX8oMFmVBk4Y+/DnZI2G5mZpsDnO2g/nKYY9j IQj9Y/mZ9cRL18WAV75xjJiZNWE4nhr+zBOEMqog+QZ/OTFiFAQtkm4sinkRX5gf dSHIy7/8YEB2IqgYCb+28ZakvA7c2D4ZULrw/Ef24+KhQzQDIuznbRCCt39qxxLB UgSKi85XsoT6IKctvQ5v3bzVzV6WO0hOptyUw8pOI00BmY/xtAhthW6mnBztpRA= =i01t -----END PGP SIGNATURE-----