-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl  | gpg --import
    $ gpg --list-keys --with-fingerprint release-bullseye-images@turnkeylinux.org
      pub   rsa4096 2021-08-04 [SC] [expires: 2041-07-30]
            E10F 6567 0C8E BE42 ED0C  3A49 CCA5 1174 468F 9073
      uid           [ unknown] TurnKey GNU/Linux Bullseye Images (GPG signing key for TurnKey Linux Bullseye Images) <release-bullseye-images@turnkeylinux.org>
      sub   rsa4096 2021-08-04 [S] [expires: 2041-07-30]
      
    $ gpg --verify debian-11-turnkey-drupal9_17.1-1_amd64.tar.gz.hash
      gpg: Signature made using RSA key ID E10F65670C8EBE42ED0C3A49CCA51174468F9073
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-11-turnkey-drupal9_17.1-1_amd64.tar.gz
      39e4f21857e418279f6e1e8ff7e5ccb245b9d0441d41d903440ed2ecbb619bde  debian-11-turnkey-drupal9_17.1-1_amd64.tar.gz

    $ sha512sum debian-11-turnkey-drupal9_17.1-1_amd64.tar.gz
      306df7948a6fbfbb7e665e7bea8b18da1656faaf4b7f80ac43dd558ce3a7716a8bca5586b5f6f08d302ab61f20af41fc02e4039274b11217a3bebfd0b0f41f2a  debian-11-turnkey-drupal9_17.1-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-11-turnkey-drupal9_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-drupal9_17.1-1_amd64.tar.gz: OK

    $ sha512sum -c debian-11-turnkey-drupal9_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-drupal9_17.1-1_amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3YP+u+JWuSop/BuCHkh6RjHW/rYFAmM0CTIACgkQHkh6RjHW
/rZeVRAAoBAKnKJX1HYMWXw4nE4vK6j78ipwKbA4C0w77ECiopHUF0Ixp03gXnaO
CRqbZjhBo66ewEm3o3mlwI9wJDYZBRLJsqVvFyZDzrx/3oXy+868fNearJIFDnrx
8XrZ3frtYJ441SW+4yO0O7ssndaX6Y/EzG8fUaLoTerxqgETtnn2rZ5ue4km7XzF
8HyQ/qZORpoP4r6AVv8dboz8TyUO6+OaPX6XzgS8Cr2X0loCslpJ1/SQ592QPf56
MDOlW6X5fYXLxy3FeKFFJV3Jt84NKbvx4ZUaT9ZVOSoaiwBN1cRFEct24/hZ2zKC
gHRqM7hCCYIbDoKNZcq0CfY893wMSm0I1Wp+li/21/FtTMHycKOw6hw5dGMHgtm0
oE9YqpSXXHsIB60tRdWzK59FeEhhlv/V3SXQUcER9A1iU0v+KQNLpUgz87khppzf
3xjcHdqghpZ+kSZ300o6fNEdRTbVXniNww3/wdN5+Aig7YbMwBFJtUD5QNGlsOG4
jiyevlFInKwCe6J7PAIKkVnRmkdtokltYkWL4H4olpR+HQFBnEwu2WjDyGcc0rB2
onFVJcrFTmRBoSi49zsm9Rl4eiUiZpldG4hD8sMEWftoNieJF4S/4qazDcPV49ac
mXLnCzDhreHr31kq8DZM6thoqbC5gOxDBuEUzgxMuLnUyLue7ow=
=QdFi
-----END PGP SIGNATURE-----