-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl | gpg --import $ gpg --list-keys --with-fingerprint release-bullseye-images@turnkeylinux.org pub rsa4096 2021-08-04 [SC] [expires: 2041-07-30] E10F 6567 0C8E BE42 ED0C 3A49 CCA5 1174 468F 9073 uid [ unknown] TurnKey GNU/Linux Bullseye Images (GPG signing key for TurnKey Linux Bullseye Images) sub rsa4096 2021-08-04 [S] [expires: 2041-07-30] $ gpg --verify debian-11-turnkey-phplist_17.1-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID E10F65670C8EBE42ED0C3A49CCA51174468F9073 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-11-turnkey-phplist_17.1-1_amd64.tar.gz 2383e2ddc923bd9a3b5757f4612f42cdc40e518bad43447946dc5c24ccac5c5c debian-11-turnkey-phplist_17.1-1_amd64.tar.gz $ sha512sum debian-11-turnkey-phplist_17.1-1_amd64.tar.gz e9b3e5cc0845ba65cbdaec131032263b310adbad255780a5826ca337a8e9e78bc8f623c471ba210eca8758b3ce2f1f093009ec94c097c0a6ac0c30d7d744bb7e debian-11-turnkey-phplist_17.1-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-11-turnkey-phplist_17.1-1_amd64.tar.gz.hash debian-11-turnkey-phplist_17.1-1_amd64.tar.gz: OK $ sha512sum -c debian-11-turnkey-phplist_17.1-1_amd64.tar.gz.hash debian-11-turnkey-phplist_17.1-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE3YP+u+JWuSop/BuCHkh6RjHW/rYFAmM0CTcACgkQHkh6RjHW /rYjBQ//Qq1VwyIjdccsXzO5ZjubLP3BZHqftmGgoONFKYMO6o26IrTKvaknoy0U 6CTQKoQ1TdcKHSdcANds//u8FLG2XxhiL9ZgcgqkMGiBSbOeIbuyD10sgZ8X7XAY lNF4GTDD1NUPNScHxNvq66QW8XFFR0K0kjKc6aJktKg+ynAFW8gCdsStVSDmc++0 3Ho2gU5OqCQeLrKmCRPbhqkFIBsGss7tBm422c2YwiuD8926FZKcJG6o7efdPvwf rCwhoIhrsOJVz0/ykIHKWkC9STdCzdNdgoCfnfdBDRho2NOoCFWVzVTu6GIsQ5An c2a/jDSt0pmJ7vN2tj925FABfxNBodICkjgKOn4KyNl3y93UNuwyZbeYtXAK/6K+ L9mwMhJN2g3+JngVfdbDXMwPvfMSeziqtebOxrvM6oxB7D/qSEWOJN82BilbNNHl qAbWosjAQ95Cc4ZOWd8r6tNKzc5PKSHKc9o7WZ2My8yNt1fgQS5uEn4b5yg31bq9 LSkZY3XXW4KPXNJWeIli+Z4vJUrFjqKImozsAlNR2pU75ZBYuHejX3o3ssZ1Z7go wb3MofbunvnPAshFoFAfn9HqPTyIwi0kh5d9KEqbqoc8fLABC/uRtPM2dLappLBE ROx4esjMN3G+pQZ9QUTNrrWuy5zrZqCBiDNE7Ni8RGgPHcdoTu4= =I8FD -----END PGP SIGNATURE-----