-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify turnkey-asp-net-core-16.1-buster-amd64.ova.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-asp-net-core-16.1-buster-amd64.ova ef6517241029bd569c21345b8132227aba03672605d5f1691b9ae0d32967137c turnkey-asp-net-core-16.1-buster-amd64.ova $ sha512sum turnkey-asp-net-core-16.1-buster-amd64.ova 0d20214f53bef2acf0e44db44361820d54eb10c600b79709a7cae05fba9d2f61e77f40ba6fa394acd5e91c278484ee301ec2bfcba6feca93a565cb2e98608ca1 turnkey-asp-net-core-16.1-buster-amd64.ova Note, you can compare hashes automatically:: $ sha256sum -c turnkey-asp-net-core-16.1-buster-amd64.ova.hash turnkey-asp-net-core-16.1-buster-amd64.ova: OK $ sha512sum -c turnkey-asp-net-core-16.1-buster-amd64.ova.hash turnkey-asp-net-core-16.1-buster-amd64.ova: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmBh2NYACgkQrF6wBJPl vByCyA/9Gb1kntldh11Tj5VbPGs0YfpaPHYMvVbGZ1z5zFnOPdEmLZBZCbAH/Zgl 6SqiTZnLQbLvKDgYHFabvzVSEXKrgX7vTusJ1mezG/C7eYIXRic1sPHl3GClAjZI 2rKL36TFvQqGO1cGQcGnHbZz9L4QZXmh2oRgcMmY6S/EFleqw01EPrvvT7EJR8B6 MyPislY0CGxfrlrGKcjwMVItst+e77hNHCDr6Npcjio1VsKTdKsJGUi6sGxNA606 SAOgEAsNl4wZ47B8FTtzRoKbtGb1S8kmKJaAgcOP6x+KH3Y9GiMlIGmcZsOrIras VPuhudJ2xXiktQ/0u72yRbN2JfKwpu4ZX08gTTeARpRjBVPLFHzVxg85mVZJ60m/ WIRKr2IiqzAH04SQrEKm7TgxfKMTt9gmvjOknvxwUARpcooEv/rI18DjEDlkSijH YQW22v4ZhhQ5RhWOtn0Ed3W6aWo/GMvCB8csxEyN98kbeb+ZR9JYRHergYfT2Ec/ XS/paxI4NE0BZ9T8x7LZdXUuowJ+QefHZbrJPR5uEMR8ZxT3hNCgsGT3DJ4SLp/Y BYUVOv5nnASfmKRdnUdCVGvpywMoJylGPjWBjuzj8/BdFtGo1/QZlHSmcUYktiu5 Oag6fws//dI57FMF6D2+ztBsOTcRpYfVCnklCM3t2tIzenHBTsw= =gGMo -----END PGP SIGNATURE-----