-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-phplist-15.2-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-phplist-15.2-stretch-amd64.iso be0cad1f57528798307ce92835d8c9de1e137511e8646576ed078496f8e9b59f turnkey-phplist-15.2-stretch-amd64.iso $ sha512sum turnkey-phplist-15.2-stretch-amd64.iso 54ea0601937d43346d76dacd07e7c126cc009b7043a28a8f1785c26a31c035e5af5b42d9217ace50feb3e62273fcb3a3996f273bf079b0860ea2f48855ca0d75 turnkey-phplist-15.2-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-phplist-15.2-stretch-amd64.iso.hash turnkey-phplist-15.2-stretch-amd64.iso: OK $ sha512sum -c turnkey-phplist-15.2-stretch-amd64.iso.hash turnkey-phplist-15.2-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlxhNwEACgkQhcJelaFu uU39CAf+NHZ5wzG/O5jZe9g8m1q8vVP6GrkWn7XP2SWWrIGXNSIf6unlYZ5T0vqW C51av8Aaz/5NdFJ6bxhV0wffURsOrb8YMxAXg6ATI/zJxJ1BI4fhZxJJhG/fGnTv CS47dHnvit8TGex2txDM2fIE0l/7lgtwjHlozi87o+9ssib2+A1viKvYm8bBw6U7 N2E1owULSMRLKLdYgqboqnHMZOhjfLcDzo7EG+mKi2Bbz9Q0Za0429MDZWTTkw4b zfYw3lm1Uokz65Aa5bRihUulZvNPY+9Tg6js4iLxumQQ/q9ZTMaYe0YfkpMoRAgJ g7pJA72RBlcCa+59QeuOVPgKctQD8A== =8UUl -----END PGP SIGNATURE-----