-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-canvas-15.1-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-canvas-15.1-stretch-amd64.iso 904e25ac034a15fde3105a79d454286f5b9b61acce7d7e42c6f57d54cef7ab57 turnkey-canvas-15.1-stretch-amd64.iso $ sha512sum turnkey-canvas-15.1-stretch-amd64.iso 5b46538ba8b10587e3ebc29a28081ecf3242e6a800711c797ef7f99ef04c234ce1c70c413441ee17976b6ff9bcd8ccabdd7679d7a8411b22327b4fe55728a274 turnkey-canvas-15.1-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-canvas-15.1-stretch-amd64.iso.hash turnkey-canvas-15.1-stretch-amd64.iso: OK $ sha512sum -c turnkey-canvas-15.1-stretch-amd64.iso.hash turnkey-canvas-15.1-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlv/phgACgkQhcJelaFu uU29kwf9FgLomRf777dVLAT51L+JOw4bQXiIwRlIYmYuRgIjOWiv43Ze98u30dn+ 4AAZo6KigM1UsahyNQGsanhVh8rpheiTxhb4yoXQv8Um5D3sbXo9veSCyq3LBwr2 B6AKk292NVE3zuld9Nw0RyzagI98zHjmc2xrQhgJQUcjAVxy2LbTNTeXncuG0J+w YN3eSWDVM6IlSI+SB5Ecigo8iRAxL6ojE7crh+GX41BwhBpCDm++05/NLC5lqbdG tC2gTQ8o//yFOVjuP2RbmTOtmM9wxQE8t1UUCYQamC7IKVJMYrf7HLtMX3Fsu0UZ MxbnVt1rdbY73u9NkixkQjKP8au59g== =jLLD -----END PGP SIGNATURE-----