-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl | gpg --import $ gpg --list-keys --with-fingerprint release-bullseye-images@turnkeylinux.org pub rsa4096 2021-08-04 [SC] [expires: 2041-07-30] E10F 6567 0C8E BE42 ED0C 3A49 CCA5 1174 468F 9073 uid [ unknown] TurnKey GNU/Linux Bullseye Images (GPG signing key for TurnKey Linux Bullseye Images) sub rsa4096 2021-08-04 [S] [expires: 2041-07-30] $ gpg --verify debian-11-turnkey-mattermost_17.2-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID E10F65670C8EBE42ED0C3A49CCA51174468F9073 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-11-turnkey-mattermost_17.2-1_amd64.tar.gz 51bc86804254280a41fff4a42869f0bcc2dc414972be4b519d891d7f664dfce9 debian-11-turnkey-mattermost_17.2-1_amd64.tar.gz $ sha512sum debian-11-turnkey-mattermost_17.2-1_amd64.tar.gz 6e136df2356e28abc3cb58db6e662a080218ee777c3ddd3f34b760ce98c64182325e3a65c2e97efff511ef1634959947ec48364133b89a498091a490852b2cba debian-11-turnkey-mattermost_17.2-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-11-turnkey-mattermost_17.2-1_amd64.tar.gz.hash debian-11-turnkey-mattermost_17.2-1_amd64.tar.gz: OK $ sha512sum -c debian-11-turnkey-mattermost_17.2-1_amd64.tar.gz.hash debian-11-turnkey-mattermost_17.2-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE3YP+u+JWuSop/BuCHkh6RjHW/rYFAmQEVSEACgkQHkh6RjHW /rbPig/+J+0AyrfD55mYHuU9f3OMMa44XGDDX53ZWu/mUUuPwt+R4MH7MpvTqwmU sqATFHLnQ0an6okAM6OCqdOGKdqT8GmSAEpo2BALEIu+7k1cC36BHsrsa5o8F+WV nPRW7xSf3Cdf9eWLz12+PKXz3x3kGkzT5pE0lX6tq2HshpxDYzrPRxqdeugXXC5g Lg2t/xP0u89MweHYKWpet75qNfFOwX+dKWb166MFbDM2w9Z7BiRYNlN595CrYcDb T3/OzMWD9EMJ2XVE4DZMUGeO/fFgdvbGdfpE86TEU50B73mdMdxKwwy9f0t2JYii wl25h81XAAxBQLub9ujwyDk4Ue3mT9cJfkIWNKYgtVBTnPzhymTi9WsWz5fHy70/ i5zM+MzJ5fKtGCYLyKfQDdXG8Gs5rXLfpLsKoHCa/1fBj69ANfJMWDBQwKfKztzG 1umDW62sBGu81XiT1hbEYFut72idwstVbqfnoQiaCiPysM2Ya4/3xRtOhJkbGPi1 +mz23iPWIS/g0Ae2jGc1CGCsOqmuJT6YpzaDMDGdwBZl0AOUTO6drO0Kxp6fylYI BOW7AhX6ki+vkljcNI9B4ezbkqiQ078JgrJ18JZBYP2uZ8Nl+Ze0OnPsggF79Rdr jezxg+W8NX8oksAOpfxXVKj75HqkupDHZJ36i1gHOm+Lwqd7jnM= =HZoN -----END PGP SIGNATURE-----