-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-fileserver-15.0-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-fileserver-15.0-stretch-amd64.iso 3c57965431854a4ec13d091e5dcf19232467c7f907be97faa803a7a9d0ddab38 turnkey-fileserver-15.0-stretch-amd64.iso $ sha512sum turnkey-fileserver-15.0-stretch-amd64.iso 911300eba416cdbde807db5766bf8f69a843bc084666334021471b43ebad6dd7700087afd7d137e536053196b0e99858093cbdb9e3a562cd9ff39d128cfe55e9 turnkey-fileserver-15.0-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-fileserver-15.0-stretch-amd64.iso.hash turnkey-fileserver-15.0-stretch-amd64.iso: OK $ sha512sum -c turnkey-fileserver-15.0-stretch-amd64.iso.hash turnkey-fileserver-15.0-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlvITPIACgkQhcJelaFu uU2HcQgAsPffXFTVQmnrzQYz+zgVKsewE91QjtnwPVGedPe12H9NPWvDl5I9FhuL LA5GE1WBTfZi8Zon8ncRnPyBlk84uJk60Ru+XqscO5Hnie6iIVHnXxHCjIIi56e3 g2IBHo0MuQt3pCTaMkCLTWGa0Cu4iKDxwZrnaUQnsGD1eghkchHrvyzHDrx7pL7u w0jrT0kiTsEz/71usjjBjJ5ThHsNmLEy0DKNerFGZ2HAU20uUD73aIXBxT51vuSr EvkB43p3P6wmjZwksZYPC/c459+2D22HCyhxwzc3cJuIAVI/8/Fg/KYls88bCRpR 5gl5yEyIfEPd+7LBiQ3MuG/CaOOR2A== =wAr9 -----END PGP SIGNATURE-----