-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-mayan-edms-15.1-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-mayan-edms-15.1-stretch-amd64.iso 973603e79881a454b95d131afdac546d5074733a6b2b1da84b5010d4125fc4f4 turnkey-mayan-edms-15.1-stretch-amd64.iso $ sha512sum turnkey-mayan-edms-15.1-stretch-amd64.iso 8eca4fd82e600b289098858f2f9271b2dcbd90779c082cfe28b23269c5662d1f9bf7e1f482037e4a52f7101cdd584ab4bb9bd86670236253bb27bb71dfb6143c turnkey-mayan-edms-15.1-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-mayan-edms-15.1-stretch-amd64.iso.hash turnkey-mayan-edms-15.1-stretch-amd64.iso: OK $ sha512sum -c turnkey-mayan-edms-15.1-stretch-amd64.iso.hash turnkey-mayan-edms-15.1-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlxhNv8ACgkQhcJelaFu uU2KHgf/TlgrvpLOxWBsYhwB5IG3+Wde6T0evdO38BWaCVTU5a0dSZZ7Gfv3qpuD uZUTr+M2vtYF9/dfe7ypDI4K7GDbZWuCDK1aMdRWdNoCFq7liapTbdROSvChdKkV vEI8NU3mFxWidB8JmDIZt5OaOPAsVUciDbVKvypg0LDblq3KCKO8JfQEd+BUoXIY 4e8S6sGf+3Nem23a8zOVmVQrNhE3ZHRiHGm4AzVgcd3+VJM7qmh5kqOimYvCHIg5 tbBjQApOjvMfWADHhrGF5Y8QVkoGfSxnf1mBs5nnLiiB7EHIzmSznvwod3aOwWUG 1nnH8l9bzL+CGOrd91PREgYYYF9QPg== =S+17 -----END PGP SIGNATURE-----