-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org
      pub   rsa4096 2020-02-05 [SC] [expires: 2040-01-31]
            A8B2 EF42 8781 9B03 D351  6CCA 7623 1C20 425E 9772
      uid           [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org>
      sub   rsa4096 2020-02-05 [S] [expires: 2040-01-31]
      
    $ gpg --verify turnkey-drupal8-16.1-buster-amd64-vmdk.zip.hash
      gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-drupal8-16.1-buster-amd64-vmdk.zip
      b07c3a622858f35597ff0f2dc30da7e38cbc9409a7241369e655475006568075  turnkey-drupal8-16.1-buster-amd64-vmdk.zip

    $ sha512sum turnkey-drupal8-16.1-buster-amd64-vmdk.zip
      8a89cef12dd692491ff2514d6d10e8dc92c6dc14ac3a3ab8c8dbd7eb666d4eba4008ab2829756a0219b43cf0e7b0755d775daaf7e19a8affa4445f9d5d6af786  turnkey-drupal8-16.1-buster-amd64-vmdk.zip

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-drupal8-16.1-buster-amd64-vmdk.zip.hash
      turnkey-drupal8-16.1-buster-amd64-vmdk.zip: OK

    $ sha512sum -c turnkey-drupal8-16.1-buster-amd64-vmdk.zip.hash
      turnkey-drupal8-16.1-buster-amd64-vmdk.zip: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmA7b5YACgkQrF6wBJPl
vByYJg/9H/Nxa42ZQUp7Gnv9q7t88z09yL7n5bC4yKuvl614ElXl8mBCaFHm/GDN
en3WXRO6EypDt/Pcp4EZGfje2xOP/H1e9r3Eu/c4VlTVFikisYxjZ5r4BwvPcsx6
eFkeUEnx7CMbHygMtyqq4JceVkUyLsKbZzt64Aud67zwTUYmeVIjY9dmat/yV3+m
KcTXLuDHyHmiSeRHCmtPjFOyTGxJaIp8wDYwiYy02SYxdcYRwk4xhH/O98uixDO+
7v6BGBlNRxchXsh7svpzjJz3Bm8nYoweJq+UpDt0PXpBntvfUk33JDp9UDkSIMxT
4P+lj6VCtCcF4pUB8bodZBrBaM8QGvYCWoXtRt40BVPUIlbWZTMxG8wu9YuKGHxX
OFVJmurBq5PpZw383T3JJF9azd7K9wUFYJkEcFH10W/yCw4uwhMQ+pUpaw57LgtW
DZ9wslZbpBVvjYZFDUHntE0oT2qEJOAbYSjOmOCR27C+8q5UA/QIwJiSkgi+IZdW
vGGhdCHxG0LFI61+0OxE83FrhcodZ23o5x/IBD8d3uAF+/uhaxXlcR8N0PzXtl78
G0nFsN/TsTFMLf4kbzXt+g8RNc6cekLSWQeZwO+a3xfYxen6u6aL358lJ/Hd5EMv
apZjyqqF6jPDsXnK0mzlLSnW7lXu6m296dYik01AtS14Xrd6/fY=
=1ho9
-----END PGP SIGNATURE-----