-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify turnkey-mibew-16.2-buster-amd64-vmdk.zip.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-mibew-16.2-buster-amd64-vmdk.zip 6476dfc3ea960f145165312537f4aec9ab098baf78229d63ecbf319394daaa40 turnkey-mibew-16.2-buster-amd64-vmdk.zip $ sha512sum turnkey-mibew-16.2-buster-amd64-vmdk.zip 2c02b2ff1bdcb072f9c9a1d4dc0edd3b1361ddb2d15438b85d20a83e23984ba5963162aa9e13112d658b4601bfd6818d76a2e1d975a3365198f82a30e82fa898 turnkey-mibew-16.2-buster-amd64-vmdk.zip Note, you can compare hashes automatically:: $ sha256sum -c turnkey-mibew-16.2-buster-amd64-vmdk.zip.hash turnkey-mibew-16.2-buster-amd64-vmdk.zip: OK $ sha512sum -c turnkey-mibew-16.2-buster-amd64-vmdk.zip.hash turnkey-mibew-16.2-buster-amd64-vmdk.zip: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmBh2NoACgkQrF6wBJPl vByU6hAArfhSOeRNqbeisu4cHWjgwGEkpQXsJwW49g5paFYP26/kGx1QLuheiRZ3 8XsQJc7rZhlU2EUQPGEoLT2szL8WfxBAHSrV2aKqQwz0GNKkQLuEEfz4MrZVKFkh S5LoFlgia09g1CNLCKzjP2wLGNRL1tpzyxdm9Jq4n9tuFpkJaj6Oned5dGthxWU9 eHN6yFS+3ezi624BPD3avmOw7fYaZiA33BNzLam0GHl3Zh0Hrxp2hoUjh3vJrjEV YBaKxDIj/axu+VkSmI1GQEzyoevSVpm1sxG3za13104DpVnTFmUnQzVXS+ASDKbS V/Wj5ESdH70b6n6PFjpjC/FJFugq1IO8TudkMhhBny2OtWNfVmWId6kguFRiV2Of 2XlcG6fZYPJ81CyfjB9W8LCnQM49KnH6nI4MA9oq2+/fpzVYlaCsmd+JKUjn36MB k1HqPJPHJq4ioXJNnnr/y9fr0MRlRmSiWXG3z1QsBZJ4GR2nu9f8oMjHwWX+kGP+ uTPl8mqR4R6QFkUiVxY3NaVx0Kg+dZQM6hn7nmQ0N5ZSKR/T2EhWPTDNxiBwrh5G pFmlJ3ZZUWgub1Ii9Aapt8Y9eJs6r7BxRggavDdlBN8LS2NCt+bYSldXnvywoul2 q/Knyf8zdj5zIUAHi7U3n3vuh45gLgDBJEx+AoCNJ2hwtXtKttU= =o9qr -----END PGP SIGNATURE-----