-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl  | gpg --import
    $ gpg --list-keys --with-fingerprint release-bullseye-images@turnkeylinux.org
      pub   rsa4096 2021-08-04 [SC] [expires: 2041-07-30]
            E10F 6567 0C8E BE42 ED0C  3A49 CCA5 1174 468F 9073
      uid           [ unknown] TurnKey GNU/Linux Bullseye Images (GPG signing key for TurnKey Linux Bullseye Images) <release-bullseye-images@turnkeylinux.org>
      sub   rsa4096 2021-08-04 [S] [expires: 2041-07-30]
      
    $ gpg --verify debian-11-turnkey-core_17.1-1_amd64.tar.gz.hash
      gpg: Signature made using RSA key ID E10F65670C8EBE42ED0C3A49CCA51174468F9073
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-11-turnkey-core_17.1-1_amd64.tar.gz
      8652f6df0d6b156dbe791e94597579fa5aeebbb0b10eaf49a0f041d487217ce6  debian-11-turnkey-core_17.1-1_amd64.tar.gz

    $ sha512sum debian-11-turnkey-core_17.1-1_amd64.tar.gz
      0e193b2ea193a9565e3f37c7f355afc390a9ef6c9c7c0741e4414e7b0e410fc93ac0ac56ee1b0279c786132478be009a56784618f3cb3ffec20d9a28a3f222cb  debian-11-turnkey-core_17.1-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-11-turnkey-core_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-core_17.1-1_amd64.tar.gz: OK

    $ sha512sum -c debian-11-turnkey-core_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-core_17.1-1_amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3YP+u+JWuSop/BuCHkh6RjHW/rYFAmM0CTEACgkQHkh6RjHW
/raj1xAAqjc504SAVjfNHWUWdMpSR/BN/yqORxeif3YHwChLkGBzh7X6tieWapd3
mJnU7CUPIYPuvarkcZiurZV1FIiwWGlVwrEUYPkev09r4Nx03QeBiwP1ksX86xiL
brdOqcsgB2R7OHTVGht1zRCiVUJx844vkD40RTYtywiklkDy3tE9aAXs9HiiLE1F
6kk2XLl4tMASBEmjyLDwtKzllWcKRbdooyYVh5rKg3iNPpxk96Mn6dSidvQ+ZXK2
2jAkf32F+L1/9pKwmrUGF62Q7KDg6TDzUCHvdXVdDvSIAyt682TfnoJkB9FYz5+9
KEGJ+s7Bic2AqwZbGToqj7w3bJgqZ2qZZpW4BVYYRvWaErCGGev17d7MbzoYDkeO
FUGnP1mCBQZKjLXizfZOFfayGqad123QdSHGBK+KcEJVmN8Jp0426mqWFf3qI8tV
snVUwpFnPbGEoMdGxrPUtAg78XcEBjSkYJuP39c/AGt+ZmagfMmJG0cKgMoUWtg/
MFzH7HUlPiEDBJpLBmMGTA003YYJayK+Cc95XPwrgpmGZpgzh81xAtsl5hkdhb/d
zLvP/AdDWdj4WBVFi2yiKBADjZZX9zoIFTmHrm1+wYqmVV0TiGIDNqAsAJHXjuaq
T/G/k5Xg8Oeh69N9nbmMhDVtHrsdXT4c4YFZMz0vBxDYbbJGDh4=
=UDuj
-----END PGP SIGNATURE-----