-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-mattermost-14.2-jessie-amd64-vmdk.zip.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-mattermost-14.2-jessie-amd64-vmdk.zip fc260aa4a0c8fbcb08d6b0217f53fc17b0faf6b8e00c225d055f38573f41fc54 turnkey-mattermost-14.2-jessie-amd64-vmdk.zip $ sha512sum turnkey-mattermost-14.2-jessie-amd64-vmdk.zip 8c46f9d087f85dbe4b1eb89799ab4b2ab356807c4801573c9f34157b582d29f63e3f11262a5375d86f009fd4630b02dca1d5e0e582d96b5cc4eab73dd62298e0 turnkey-mattermost-14.2-jessie-amd64-vmdk.zip Note, you can compare hashes automatically:: $ sha256sum -c turnkey-mattermost-14.2-jessie-amd64-vmdk.zip.hash turnkey-mattermost-14.2-jessie-amd64-vmdk.zip: OK $ sha512sum -c turnkey-mattermost-14.2-jessie-amd64-vmdk.zip.hash turnkey-mattermost-14.2-jessie-amd64-vmdk.zip: OK -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJZNo91AAoJEIXCXpWhbrlNuX4IAOfBfUe4s6VvZXzoMHHOg/3A IsRaVM2CEDx52w+HnQBsQrzd7WnusRSntQ87IyowQh/Bb+zbb9O1MkJiKludsBs5 Y7XdUwEmTHVqc05JFP3vd1DQ4FVDSwkSflfi1klhY9NSMwVZAHIDbPwp8/lgdCv1 4GHveYRHkhim4K5+RyeLNIQoaW3l82BBKbkngS5OaHtH7pxdmiAAwNsRBYMv7TX1 aMa65YTxm0p7hEF1L4W0u4GCzcerQHGEehSGB3k5XVn4QrOx9hxIqjKPrWRqrHg4 laSucvW2CDmiu5YzABlc26I6uUv+Ytq3Fa89fwOPClOjDaBDPPMfKT+KbZOSg6E= =gvma -----END PGP SIGNATURE-----