-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify turnkey-snipe-it-16.1-buster-amd64-vmdk.zip.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-snipe-it-16.1-buster-amd64-vmdk.zip 55c283711d790a5185ae7410529183729df6cd56d4ef2dbafeab314ce8264250 turnkey-snipe-it-16.1-buster-amd64-vmdk.zip $ sha512sum turnkey-snipe-it-16.1-buster-amd64-vmdk.zip 3a4de962d0b01c54162caf9b933d9f72ab219ffe79e92d49f6da404beadf5ad61e671ead0f3063079c001b33ce688d39542f764250195d4a34359ca81f44b529 turnkey-snipe-it-16.1-buster-amd64-vmdk.zip Note, you can compare hashes automatically:: $ sha256sum -c turnkey-snipe-it-16.1-buster-amd64-vmdk.zip.hash turnkey-snipe-it-16.1-buster-amd64-vmdk.zip: OK $ sha512sum -c turnkey-snipe-it-16.1-buster-amd64-vmdk.zip.hash turnkey-snipe-it-16.1-buster-amd64-vmdk.zip: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmCOURoACgkQrF6wBJPl vByfjBAAsPqpNWaeNCzc6E2NtFkibaNuNt6lgbu6rNqRPWgfv4J+xjEvCa71mRAK RR6J0ub48v/QNluvNGELT2Snkly3vBf42bN79Hx7Dkgi+MNnOyDUdXwDeuAT9Nnx H28gJjztjLNP7WZRBNnIbW5+1F51PsTXpW11s9tBpEfOaVGF1rfZUkipRUxrqv6+ C1g4r1rWS9GTwjGUbMNwC8gszNEB/P0XNWxjI4KmF47RABx3BPFghrGc98rpy7vs VlLXjs0B1iBAqxktQh7GEqF3gwnCk3bGSW3ln28XIOhha1u2sG8Sje/UnAQ/bxqt 0Gnt7hZmfklmsylUDEX7vyp19cpw2HRL89VNiL5MkfgdjUoDHDtmxFPTnRGXHhjS BwY94KMGo0hOXxT1BAbCnqrPgDLpmKw8tBcjkrP9oPLSXQEdttvvc9rLr+xQoppW b8I/iI47wAtHtgMASEQrwcu0j/j8CuomdtM+Wc1Z7tylsV4jlzHwed0FGDqOzIDP pBokUtFnXdR74ce1I7m3BDAFNynp+ikiRGeHOra4G7sLokYxLGrVWvUCJhJ998d4 I9x2MqlaeiVxTzNJF5XtFjZSK71CuLYTzuuXCF9pd2AVrwfpUKv5H/pP+kQNbobT 2GmV+s5dO5lJh+tZAinG/VTZfUJ1BggpUoS4Sw1t5a41ik9f21s= =RgZL -----END PGP SIGNATURE-----