-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify debian-10-turnkey-mysql_16.0-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-10-turnkey-mysql_16.0-1_amd64.tar.gz 87a9b0536de82610f29fd5d0f0c2e70bfac9bd38fb0a651fcb439dc46936a0e8 debian-10-turnkey-mysql_16.0-1_amd64.tar.gz $ sha512sum debian-10-turnkey-mysql_16.0-1_amd64.tar.gz 3b9d26e9a34a5688f64e3e15a40febec0d5d2c1df7e9d4c3c4750546b14a696da4d4235ab46bb8db83a4098d799bde12826fd75e9ffd68e31b93800e93e6295c debian-10-turnkey-mysql_16.0-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-10-turnkey-mysql_16.0-1_amd64.tar.gz.hash debian-10-turnkey-mysql_16.0-1_amd64.tar.gz: OK $ sha512sum -c debian-10-turnkey-mysql_16.0-1_amd64.tar.gz.hash debian-10-turnkey-mysql_16.0-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl8UCgAACgkQrF6wBJPl vBw8XA//dGelkK6NJNH81vuWQibg+J5mMbFLmxynx3ifU6x+R0e8yxNqD+iF+bxQ jqOhqQ5kejVgqDFmS4/ovQNYgxDD+cNSGruwupydgoOf9T7FjG6sk/EVKy5VVBrk onETwCtgPj19SF0ZbTOdFDupxfhDlWyC4d81nXhA7Iw4bF0ChCXHJoQKyEKnwrtB Bynw7ba2V33mby5BGWCCT1cNrnysv3pj07NI8YooNjxjePF+q47+Ghe9CnV9kuAh VsGS5OqTzvAYkcA6AEp9BZYwuiBHsdrZ+zbksozNa9bHN+Yg5O9r+kw53DZnLgSH 3GY5gsPnnPja4Ytlx1mftaWPaFY9R+gjdJIQeVauAR6ujDUuHpOp++nkNzLGkyBJ 87AJNgkpSMWdnBmlmDLdYtLefODX4lPlmHPltHDcj0fiTnfm7rYmlgWvd07oeLzi 7HrxDyzSlG2flaoVqm/n0Hj6VX2taPf6gnA9XI3hxkqKbK7m5bzuWJRbkQDi9ll5 rQ0pPMlg8Ec8WT5vJwDFtVrOijT8+iYJ+NgZA94/z7JxLNi6tTMZyDtrF8Sv4fLn OG2x2orxgd47TOx0YMUPPQt5R5B0c9Wqv4/4s7EWlYu5mMueD1bZdShuVP8KP3pc FgsNrTp3uWXsJpMm71UppSA64+mJ6T/vaBGTZdamiSbcC7CMgPI= =t1Y7 -----END PGP SIGNATURE-----