-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl  | gpg --import
    $ gpg --list-keys --with-fingerprint release-bullseye-images@turnkeylinux.org
      pub   rsa4096 2021-08-04 [SC] [expires: 2041-07-30]
            E10F 6567 0C8E BE42 ED0C  3A49 CCA5 1174 468F 9073
      uid           [ unknown] TurnKey GNU/Linux Bullseye Images (GPG signing key for TurnKey Linux Bullseye Images) <release-bullseye-images@turnkeylinux.org>
      sub   rsa4096 2021-08-04 [S] [expires: 2041-07-30]
      
    $ gpg --verify debian-11-turnkey-web2py_17.1-1_amd64.tar.gz.hash
      gpg: Signature made using RSA key ID E10F65670C8EBE42ED0C3A49CCA51174468F9073
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-11-turnkey-web2py_17.1-1_amd64.tar.gz
      d486ca77b2dc8501e2bd8471984cb540ad1c357ce7a8ef320116ca258f0af08b  debian-11-turnkey-web2py_17.1-1_amd64.tar.gz

    $ sha512sum debian-11-turnkey-web2py_17.1-1_amd64.tar.gz
      451a1e6f964acb2da41911a9dd2c672de338aca3e2834518a78968eda787cec075fcbf5d02110876cf299a7bbf21af34a72319a8c6fb4b0899bd7e7c341e016f  debian-11-turnkey-web2py_17.1-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-11-turnkey-web2py_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-web2py_17.1-1_amd64.tar.gz: OK

    $ sha512sum -c debian-11-turnkey-web2py_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-web2py_17.1-1_amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3YP+u+JWuSop/BuCHkh6RjHW/rYFAmOccf0ACgkQHkh6RjHW
/rai/BAAmJMIJscA6DnZP9lxqOJ+mPR7Eo2N7UwhLR7XNJ1D85O6gpJ9osWktmcO
maL8qE/unW7T4AcszsiIyh0iJaU9LEky+OtblQQxf0gyMzdmKKtsJRpnktFuxYqU
o9wtt6v4IaCJ2uj4slxA1oyUNfZGXtTMpZnQ0f1XiYQelyPOOGIu45Y4v2TOR3W+
+jBeFyaMsgdF49ejCFa701/YFHXB2xUPZtDWCzYH3L63AobSSiTss8q4RCu+8oAv
sOqfve7WbbH33FkfgmP/yQdpB4k/MuMrywfTUauQENXJeIyVFgkjMuJe7M7g0b6A
OVmiCdbPEIVkzCxv53Mqrebl39IN/K58Vvnju1L8ES3yEcaGCN3i3kxrjJrG+PMq
ZCB5vQY+Km07aCwPgbComqXaHgPywjqJaItel/V45VKVvUbq/UsbkXcu1b9DJyxk
WaDES9wsfh6ntaJe3YJobd6+cmh7VOfRKV+nR+C/4EXRO8wGn9dk0vLRSkTUGiHf
sycZMJLP5ReAvhrNvhwF/PKJDnaXptfatQ4bwokG+Jai22O2qntrVgkE5BnxIMf2
qF7ZBJ2HS3Ph9ug7oRxz3MmDtbqz7Ld8U1IcGCFEvImCS5+6hhUC7psgda4ASoZo
UMDZtlRYrJT6ISZeiltNcMEfV323gXCv3GlBrCa+8Bo9FYhRkac=
=ShyJ
-----END PGP SIGNATURE-----