-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify turnkey-owncloud-16.0-buster-amd64-vmdk.zip.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-owncloud-16.0-buster-amd64-vmdk.zip 2d86cf55e555dd74073ef56bc618618162e544094cac25ae6ae2f18139c8447d turnkey-owncloud-16.0-buster-amd64-vmdk.zip $ sha512sum turnkey-owncloud-16.0-buster-amd64-vmdk.zip d054a782f7f7d7620bb93666db4c6e2565c4f75dbc723c8b029ecb35b99df8801a91615b8e719e50c287319149a286d725b4264ec3aa580c6b51a1ea94b26acc turnkey-owncloud-16.0-buster-amd64-vmdk.zip Note, you can compare hashes automatically:: $ sha256sum -c turnkey-owncloud-16.0-buster-amd64-vmdk.zip.hash turnkey-owncloud-16.0-buster-amd64-vmdk.zip: OK $ sha512sum -c turnkey-owncloud-16.0-buster-amd64-vmdk.zip.hash turnkey-owncloud-16.0-buster-amd64-vmdk.zip: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl7vE5oACgkQrF6wBJPl vBym8xAAhTI1hxhEMDHzCpeSra+3lE76+eHMp4i8qu/WJsW1glsD0mq9kXpFzQgB H3i/0Bp8aw05bCV+Vw/MGQixDB6oBGq8bSrZ/8qzrjeeLRP1117HuFD6oqQ26sKk hgO464JRc463rkn2+a9wqgvKngOyuFTEkoX5MhoATRbjDs48sqzzF+U3+pWQ/Lgx nuxVNULNluMvQQTTQBvCu+2oapgasFLjY5JDAyZTVv9ghWhhduv+M8gRvKyfqBZL N5EftJuiZPQ0u04u8gcT9Ce7/I0Wu3J+Wl56FX9tpCcS5IK8BpYs1pmGGtJP1eju OSCmBYJUoAfFQadLsUMYJm7YNEFFvuPxWc9ScMX1QDLFHDhUucQmLUWsPPTs/x7v 79Lqqv+e7KUD15pk1xMLokCB8Ywtr0dD9X5lw+xCbwoBubH30130e2PAPX9iZSXx bVJLjBPRfL+hlnNQFVKzdEKQuhWuK0+707h1eiwKb9EvirjFtYToBvaJURITdZQb nyNguhxEYuhuk/ZQeK4stlgCrgBDyVnyoelMSh2XZS2GZgvJ/FM9XVK0k9EKpzJw qttm2+Sg6l+kdwZ3hZrgiSVPg7p7NpXDaW9p1nO5FCs6rYBSiunOnFxseFy+ZbHO GNmaYebh2RvtRfD8u2wzNfN69fzUmpUOaSUgNQ4kKY0EY4fZ0YY= =skPZ -----END PGP SIGNATURE-----