-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify debian-10-turnkey-sahana-eden_16.0-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-10-turnkey-sahana-eden_16.0-1_amd64.tar.gz 6c0c380fa0bd774742986f78dc65b28c3ac68398a9fbebb6fe787023b95cc5b0 debian-10-turnkey-sahana-eden_16.0-1_amd64.tar.gz $ sha512sum debian-10-turnkey-sahana-eden_16.0-1_amd64.tar.gz 92f5bcee57eae3209d645ec9c4df2e289708e498c693be1329f7c0266227e078f60d932085b1cef0110c04054d371b5a41ac66c27a20da4276fc7480825454f1 debian-10-turnkey-sahana-eden_16.0-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-10-turnkey-sahana-eden_16.0-1_amd64.tar.gz.hash debian-10-turnkey-sahana-eden_16.0-1_amd64.tar.gz: OK $ sha512sum -c debian-10-turnkey-sahana-eden_16.0-1_amd64.tar.gz.hash debian-10-turnkey-sahana-eden_16.0-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl9LYOcACgkQrF6wBJPl vByrgA//WNSeBnRb2zL21E79bkd6acO0C7U/waqSOvhfTBfwOw3LWMfErBXXRYAl fX0qINF2ZwIvN6XL/SvWCRiTIQ3wvs2mWQoiqRjhgyCLWuTtNx8DTc5GTFMHWGC2 ypgCHtAfuxy1pvIVjfkhqadVhzIqqipyWaTI6yFc2Afjlflcyxxb4aPghemBlmzc 2fdPETgF1u3yPGrVLtub+Rs0gDterDp16fzj9EgiNltLyefqONBdw8FEVB/lWMJl CmaVPgiKrXpEnB1EyYUQwpOsSOdmnVw9CCX6wLPapLvH19nekS74YNrvfjO+oxKN 9ZNUm0wdrDjqHDkUfbyCqY0mUKqvwzG7GkFpluvzsDyYC4VIWWNS9bSY6sTGs0uT j+JMHpOP+otK5mDvwmK/QIL8mH7YSQAoBbbhlYiREjpkZs8zPUEy4Wep0aGoVceC HQ2adaSdcHwvv7cj3CxOl/7hnZFOdHupSOzXB14A1OSFk5G8H7cXUp1RkdB4/ZbL d1dre5yu9f0FOR5jKXQf407a4fm8SuhA339J6k4LfpXvE0R8dUns474prBT+5ihJ LrWF7F1PqsjkWhvzsP7rDdn+IYaSO5uqGpdPb645yTvLtKlSYV5ku16VqcXWvme+ cNtBzdG1MY/xcuAw4skDgGKLUOT8i6LKJCetNTZaaHXafwzqTj0= =WqOU -----END PGP SIGNATURE-----