-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl  | gpg --import
    $ gpg --list-keys --with-fingerprint release-bullseye-images@turnkeylinux.org
      pub   rsa4096 2021-08-04 [SC] [expires: 2041-07-30]
            E10F 6567 0C8E BE42 ED0C  3A49 CCA5 1174 468F 9073
      uid           [ unknown] TurnKey GNU/Linux Bullseye Images (GPG signing key for TurnKey Linux Bullseye Images) <release-bullseye-images@turnkeylinux.org>
      sub   rsa4096 2021-08-04 [S] [expires: 2041-07-30]
      
    $ gpg --verify debian-11-turnkey-tomcat-apache_17.1-1_amd64.tar.gz.hash
      gpg: Signature made using RSA key ID E10F65670C8EBE42ED0C3A49CCA51174468F9073
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-11-turnkey-tomcat-apache_17.1-1_amd64.tar.gz
      51715fe67560f13c7a273eba74cb7436b674cfe6e750a8c6379f0b0310ef2d7a  debian-11-turnkey-tomcat-apache_17.1-1_amd64.tar.gz

    $ sha512sum debian-11-turnkey-tomcat-apache_17.1-1_amd64.tar.gz
      574773f1c628a464603764398106953045bb0dd40751bad5a976b42cfe997f8b8b964e6edc82a13113dc512c988f35eacbc374cef02d6f79e09f1a4695fc2c1a  debian-11-turnkey-tomcat-apache_17.1-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-11-turnkey-tomcat-apache_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-tomcat-apache_17.1-1_amd64.tar.gz: OK

    $ sha512sum -c debian-11-turnkey-tomcat-apache_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-tomcat-apache_17.1-1_amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3YP+u+JWuSop/BuCHkh6RjHW/rYFAmM0CTkACgkQHkh6RjHW
/rY/5Q/+KUNInx4tlQ52NoLzbp2YzvRLckZNaSCeBImioJl83zbFbUaQNNH7HB+T
wB7rHUDkxmbYT+BijmGykHGYKZYrPoxNr3WOrvgdu+nKgBTftlwFi6hHuIS2ByUU
EzHox8xEw98S4HGdXeoj7ZanWVR66fPwnaGNhdiKMGu2JK4LX8JMJQwPOHuz3vB3
TfLwgWALc+uQlBbq4jMF3J+G8uqz6XCEujL3jraSMCD7Zu9pqDPBLGW8hHDiByE3
uSjP1eenzi5oinYoePe3Kc5nHd7kNJEqXATRr2yTldOYVpnIP0B6wgO5C2jyRinx
xnqwtBa3LP4cIwa1CPpPBFRbOzdez7MAhNbufcbOmDCeDMrn79Dh5deRI1fwuTwx
BXQ4Y/trDwfN3BvlMv1sYSyqgy5jOxsxB9SD0Vu1+3uIk0MLKkdUD8hfLGxcrtE4
aOWrFC6DOp9YLRHTJZsX/LQB8axuP3gHWUZplK4czFg4Gurvv612lJi0xEtKRAmc
S3Pwb3UVF6YLFV5hm3vk81+P4XiR+Qcvnm3Slfwy6vycl179JGlhrnUI1t+rhzT5
0hRmrCbzYtIeOpeNonhcfNI8+3Vtst8Kr40mV5+0w/TS2ttuTa+zD+vGomtADDMt
4MJ3EHOM9L7cizKjBl08rzIpFvTRAh+K5kPo9I+A34wdC6/KKAk=
=q77K
-----END PGP SIGNATURE-----