-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-drupal8-15.2-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-drupal8-15.2-stretch-amd64.iso 4add68cb3e929172808ba46106fbc293e0ac497945f9c603aea9f04d5cf53174 turnkey-drupal8-15.2-stretch-amd64.iso $ sha512sum turnkey-drupal8-15.2-stretch-amd64.iso 581ca91f9951a90354b47e49695c4f242653148d8d50de60592efcdef50c6a7bb3614fb853e76291bdf011b897aca5fa228f7311640c1de4490609fe09f28cce turnkey-drupal8-15.2-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-drupal8-15.2-stretch-amd64.iso.hash turnkey-drupal8-15.2-stretch-amd64.iso: OK $ sha512sum -c turnkey-drupal8-15.2-stretch-amd64.iso.hash turnkey-drupal8-15.2-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlvITPAACgkQhcJelaFu uU26dggAhDVUJqGgdcZydaqi9UhLQaCU7xxJ7j44LY/Ik14ubEU28JXpXihG/FjQ J4M4WCc3rz5d58pbGwkSXtrAGpmXpW2SSp9fp/zFzuT0FHfEOE9Vg+LtulpYzoth dPCauWcZpLQzWR9oYFrm1x0hIwxm68qvicAHXFGjC7QUlrRbIioS4g1CTxWzIzoy UhkWSkArjPha/xPxzVjlT/ZaX+d0Q1aFbBnM+rs2yajnclwn8OeRovzM8Ou4BH7P dlVmtIL+v0MsC1D296m6Otp+4jDHxUKPPUiGnp79pqzRTQ16/We5uFIxIRtkc6cw TsNqw/7H/WiRQqk9nMIxwSjBOVRCcQ== =RT08 -----END PGP SIGNATURE-----