-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-otrs-15.1-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-otrs-15.1-stretch-amd64.iso d4bbdd63796506b5a2531405071a217b6a4147397f94059ab835068c1577dcd0 turnkey-otrs-15.1-stretch-amd64.iso $ sha512sum turnkey-otrs-15.1-stretch-amd64.iso d43cdb49cb87df22dd66ba79b74c8f374885608310d18d2e963a1a3b22ceaa2e7d0a787386536b3c730c03d6b69a7debd14fcfd7fa2b22ef058292f1d13d6c03 turnkey-otrs-15.1-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-otrs-15.1-stretch-amd64.iso.hash turnkey-otrs-15.1-stretch-amd64.iso: OK $ sha512sum -c turnkey-otrs-15.1-stretch-amd64.iso.hash turnkey-otrs-15.1-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlv/pi8ACgkQhcJelaFu uU0xJgf/Uz/r0Daz8N9sr51PrJLUs8RPjMoBYNsa4A0GTD2PCqmBVMvQQzUu3M0p MKZmog67gfL+8Km8bMskFfYM9fWlXJrTiZ4V/ZQGJ9vn7QmIf3/gfHX14l3wtDP4 Q0PEJGwhd2CEuj9WOGhN1/xieryEYIQqA0bhNfrB90lyCBLM5TXC6rUG4acELl8G TxtN5SWwFIPyRSedcNeVO3aTS8rNr33/ixi/vk6I3CRfq4jpWsMYrcO3buJXiyzW 0h0HIJ8im2CCTdIp3xCRWZzhHyCyU9BiNHlm78DCLcNLvmRSlGJa1Y9CbCe/l1yP aroAmuZlI55NiLA/coHmCtae7MWRlw== =0weh -----END PGP SIGNATURE-----