-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify turnkey-symfony-16.1-buster-amd64.iso.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-symfony-16.1-buster-amd64.iso 1ecb6e9a30f1b69d0a74f03283af27a4ca315b514aa15053ce3b4a7802ecc82c turnkey-symfony-16.1-buster-amd64.iso $ sha512sum turnkey-symfony-16.1-buster-amd64.iso 7a0a85b26ad694640a43808673ffd65e1d750bc1e46f70b215dd6d2e7f3f28b3b488e985b1798e3d937f0270be9ae3eeb9e983478916d639c0bbb58712c5e300 turnkey-symfony-16.1-buster-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-symfony-16.1-buster-amd64.iso.hash turnkey-symfony-16.1-buster-amd64.iso: OK $ sha512sum -c turnkey-symfony-16.1-buster-amd64.iso.hash turnkey-symfony-16.1-buster-amd64.iso: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmBh2OEACgkQrF6wBJPl vByy/hAAynlGYL1irDxqaEWC1MU5RT2pKnKi2jS08gjFJYpdJDJpwHrbtJWDSpLd uSRsxeFcia3DUW2NK2aA6TRFhJfNjZ5XyLMoD6aqQn6KfX7kTKwqTPGmT0qRDyaX 5sOO+Vds6sEmVwq18oYag0BN63ayzldMNf9w+0pK+y5WLjf7MhUrQCkMTkhv/vo/ ttkwlaF9hzhb+iy2MoCWvMTsl5eq/JjjIe0j5FCvACclAEMaVZUN3Px5EC3uQTtN pKfrFyJMxNcu+lpgesuaZgY47lIPMg8HwFbJzLx/H/Zqj0yiiwgZi5bN905Mj4RD 6JSfTbcDXdvOb37BFxxXp8eVnxUwrPKbPCkwsszKRiDz0TRPLpdjh4Ie0EI9rrXP Fo2huENUKm78Tu9zEp1mI3UpghuP22kEF+Stu8ca3+DWwwXSJhDvBk0qjuWINFLh 0D6LOEkIoqCSmgf4W6/9MZ3hoLb+zs3abpo2lMT19lOYR7TrCtNp+23b49d+zmsv 2zCHHdKSRMScBMJBlQ5+H6WO78hIG9RUCTy6Z1qgaRFvMDDbcxrHBJSP7NqyexHy r4DwObHOOTEvW5YhqCxy3mLI4wd2zTFa+kH5jWlR3MmpQXGUbBMoNKHGJ/bYbtjF O9duEISaUSZUU8+CsChut8XOFcqK2J/yWzwJLwN/52SSqkgknZ4= =rGPu -----END PGP SIGNATURE-----