-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release@turnkeylinux.com
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
            Key fingerprint = 694C FF26 795A 29BA E07B  4EB5 85C2 5E95 A16E B94D
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-tomcat-apache-15.0-stretch-amd64-openstack.qcow2.hash
      gpg: Signature made using RSA key ID A16EB94D
      gpg: Good signature from "Turnkey Linux Release Key <release@turnkeylinux.com>"

    For extra credit you can validate the key's authenticity at:

      https://keybase.io/turnkeylinux

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-tomcat-apache-15.0-stretch-amd64-openstack.qcow2
      2f9475cc16019bdf91067d1aa4902a6ce543aac6051465bbde5308186903cae1  turnkey-tomcat-apache-15.0-stretch-amd64-openstack.qcow2

    $ sha512sum turnkey-tomcat-apache-15.0-stretch-amd64-openstack.qcow2
      d5a409fabf89946f3c1b02a14bbadb46b89a434b62e72a09ed495277dae2fdf2f166e2d7141d2a8e4b2d5cacb9faee0cf99055bea4cdce0c59e6bb6b1e51ed22  turnkey-tomcat-apache-15.0-stretch-amd64-openstack.qcow2

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-tomcat-apache-15.0-stretch-amd64-openstack.qcow2.hash
      turnkey-tomcat-apache-15.0-stretch-amd64-openstack.qcow2: OK

    $ sha512sum -c turnkey-tomcat-apache-15.0-stretch-amd64-openstack.qcow2.hash
      turnkey-tomcat-apache-15.0-stretch-amd64-openstack.qcow2: OK

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAluM++wACgkQhcJelaFu
uU1oVAgAryVQHZyZNHe6fN6QuCj3hDlyDk4helyTZlfF2fQ6FhNHZBfteLqAYung
E/B4FJiWahi7jbKeDp8Ab8FlBj4h1a2Q/Tqeu96UOEqzw2zf6hUWuX9fYuV/JPGv
Z50vF6owsTEQOFfCwtfiBYlkhbLIcA+j017K3+DRzLxq1npAgeGqvuWzXMyzHB9x
UMpSKUfJB0awHc7aefD16vW7ZpKisAPijf4NS9Vs3nSyGp3PYOl+HLUnklcF4Z9g
6kg1IcCGidVrJKOOYZwQJPsOi8OGoA+8Z1lC26G4y0M/bEu7PQ6R6Yr++BTPWIEq
H5jXP6sJS/vOnkl/fFQf3322URDuUg==
=du5T
-----END PGP SIGNATURE-----