To ensure the image has not been corrupted in transit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release@turnkeylinux.com
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
            Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D
      uid   Turnkey Linux Release Key

    $ gpg --verify turnkey-mibew-14.2-jessie-amd64-vmdk.zip.hash
      gpg: Signature made using RSA key ID A16EB94D
      gpg: Good signature from "Turnkey Linux Release Key"

   For extra credit you can validate the key's authenticity at:

    https://keybase.io/turnkeylinux

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-mibew-14.2-jessie-amd64-vmdk.zip
      dda083f0cb3596c7ba9ebe3e26a547c66e10e36b50858aa19abb4aebcf427d3e  turnkey-mibew-14.2-jessie-amd64-vmdk.zip

    $ sha512sum turnkey-mibew-14.2-jessie-amd64-vmdk.zip
      8fa567306c21a4fb871f758045d2ab9441f0818b41319a6935402e43beecb5f788bb74bf319e27866edf322cab13141fc2ecf57fce90da6dbffc53c348d1d6b7  turnkey-mibew-14.2-jessie-amd64-vmdk.zip

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-mibew-14.2-jessie-amd64-vmdk.zip.hash
      turnkey-mibew-14.2-jessie-amd64-vmdk.zip: OK

    $ sha512sum -c turnkey-mibew-14.2-jessie-amd64-vmdk.zip.hash
      turnkey-mibew-14.2-jessie-amd64-vmdk.zip: OK
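The two steps above can be chained so that the hash is only trusted if it came from text the pinned release key signed. The script below is an added example, not part of the original file or TurnKey's tooling; the function names and the constructed self-test data are assumptions, and the fingerprint is the one shown in step 1.

```shell
#!/bin/sh
# Added example, not TurnKey's tooling. Fingerprint is the one printed on this
# page by `gpg --list-keys --with-fingerprint`, with the spaces removed.
PINNED_FPR=694CFF26795A29BAE07B4EB585C25E95A16EB94D

# sig_ok STATUS_FILE: true only if gpg logged a VALIDSIG line whose last field
# (the primary-key fingerprint) equals the pinned value.
sig_ok() {
    awk -v fpr="$PINNED_FPR" \
        '$1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == fpr { ok = 1 }
         END { exit !ok }' "$1"
}

# extract_signed HASHFILE OUT: write only the signed text to OUT, and succeed
# only when gpg exits cleanly and the signature is from the pinned key.
extract_signed() {
    st=$(mktemp) || return 1
    gpg --batch --yes --status-fd 3 --output "$2" --decrypt "$1" 3>"$st" 2>/dev/null
    rc=$?
    [ "$rc" -eq 0 ] && sig_ok "$st"; rc=$?
    rm -f "$st"
    return "$rc"
}

# hash_matches LISTING IMAGE: compare IMAGE's SHA-256 with the 64-hex-digit
# entry recorded for that file name in LISTING (the extracted signed text).
hash_matches() {
    name=$(basename "$2")
    want=$(awk -v n="$name" \
        'length($1) == 64 && $1 ~ /^[0-9a-f]+$/ && $2 == n { print $1; exit }' "$1")
    have=$(sha256sum "$2" | awk '{ print $1 }')
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# selftest: constructed image and listing (no gpg needed); a match must pass
# and a modified image must fail.
selftest() {
    d=$(mktemp -d) || return 1
    printf 'constructed image bytes\n' > "$d/image.zip"
    h=$(sha256sum "$d/image.zip" | awk '{ print $1 }')
    printf '    $ sha256sum image.zip\n      %s  image.zip\n' "$h" > "$d/listing.txt"
    hash_matches "$d/listing.txt" "$d/image.zip" || { rm -rf "$d"; return 1; }
    printf 'x' >> "$d/image.zip"    # simulate corruption or tampering
    hash_matches "$d/listing.txt" "$d/image.zip" && { rm -rf "$d"; return 1; }
    rm -rf "$d"
}

# Usage: extract_signed IMAGE.hash signed.txt && hash_matches signed.txt IMAGE
```

Checking `VALIDSIG` against the pinned fingerprint ties the result to the release key itself, where a "Good signature" line would appear for any key in the local keyring.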