-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl  | gpg --import
    $ gpg --list-keys --with-fingerprint release-bullseye-images@turnkeylinux.org
      pub   rsa4096 2021-08-04 [SC] [expires: 2041-07-30]
            E10F 6567 0C8E BE42 ED0C  3A49 CCA5 1174 468F 9073
      uid           [ unknown] TurnKey GNU/Linux Bullseye Images (GPG signing key for TurnKey Linux Bullseye Images) <release-bullseye-images@turnkeylinux.org>
      sub   rsa4096 2021-08-04 [S] [expires: 2041-07-30]
      
    $ gpg --verify debian-11-turnkey-vanilla_17.1-1_amd64.tar.gz.hash
      gpg: Signature made using RSA key ID E10F65670C8EBE42ED0C3A49CCA51174468F9073
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-11-turnkey-vanilla_17.1-1_amd64.tar.gz
      d36fb1ad4efe2156e23dc62e19f978ea6d00b837360b7ea2676c308b98f7b451  debian-11-turnkey-vanilla_17.1-1_amd64.tar.gz

    $ sha512sum debian-11-turnkey-vanilla_17.1-1_amd64.tar.gz
      87628fb492f635bc3dbedae210597c32e5d32e794bc5286a69eb1224c3a6c63fd580240a76b9f1d7fb4845e37e3a5791fa340b80f11c74acccaca007c96967b5  debian-11-turnkey-vanilla_17.1-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-11-turnkey-vanilla_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-vanilla_17.1-1_amd64.tar.gz: OK

    $ sha512sum -c debian-11-turnkey-vanilla_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-vanilla_17.1-1_amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3YP+u+JWuSop/BuCHkh6RjHW/rYFAmM0CTkACgkQHkh6RjHW
/rYjYRAAseLMzmhzv7ppOXkiDq+SdbH5UArXTcZdDeWIaA3zTzfnu1/TUaA4m30J
6ArifF/DfBkSCLGnD+p20gUnE/URsDKp3xPQ03hULWahF6ddsZEDlwbiFcjVBTs+
bStF6DdY/IKgp7SlLEwrrjk7FzoAlN1ypPESQnZXciHNVgxLvem76ue3Vhbll6fC
mM0s7OA83sD89X/kKh6LH+1lxW6PaVj/nAZvKYIpohu0fRpWKHr+Cc/gX0pvooBZ
v9kwiqvxXuvp+v09lT4k+8+vP+mvC2L5SE4PUvL/KjcPj5q1ROwl5Gva0CB28mIw
NeQPke1QAOsKX22DQQo/Xl433soYtE9no+u1y8rG9d36QI/SIM+MYBRgzViKWGV6
kAwNSpcfTbmYzfenQgoRQ33z/iPkySSTObNZZbzU019p/+DdxV95H8VdgfM2AQn9
KfQJptyHI/h4KfAcMn0OHpq3kNi0sHglehk5egnRzCiTaWL8LXEdXC4UEfZtZCpW
L0MFIu3KkjVOqs8Fk2CAsIjyDG/0/ded9IhK8raL38GiSicmKSo/NMzkSmJuMDjP
BV0xZ1TTLa1s6mLR5V/guZIbdSpay2XVLAdBKE+SQRTzjzCyUJ+Zk+nI0of1vGBA
/61R1UtfnsEY/kEeXKnYhN/ibJZxBNiRGTfGT4hgO1cngRQdgnc=
=8IRu
-----END PGP SIGNATURE-----