-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-mibew-14.2-jessie-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-mibew-14.2-jessie-amd64.iso 0191929330f8dd77456a14b4dd4f790807f0bac9b85b198e645ce03c94722cbd turnkey-mibew-14.2-jessie-amd64.iso $ sha512sum turnkey-mibew-14.2-jessie-amd64.iso 6db8b653da0c8564e21b69cc3f675cf46e1cc704cb80234b3fa7eae50e7ede4acdef5e9b3171ce4d040c72e746c4221cc9dad5552211d831789930a3c244d596 turnkey-mibew-14.2-jessie-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-mibew-14.2-jessie-amd64.iso.hash turnkey-mibew-14.2-jessie-amd64.iso: OK $ sha512sum -c turnkey-mibew-14.2-jessie-amd64.iso.hash turnkey-mibew-14.2-jessie-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJZAJDpAAoJEIXCXpWhbrlNLNQH/jKykidNwZ50qjAl6EeI46M+ fYIefCiONA+xY4qQrTfzFA014Yu7ObuuMKNN/QezAvGN30OIKT05Zttiz9ahuAwH AV+WMEDRxBgNpo9i4RzsMnTSDdkWqqkTS2GeqUzf6TYdOh6Faq4FWiuRhDvSwUjC rlalkeVg7fS8kH2tzIRJvnJcEb3XxMN4x9XMzsB8JoqsSuxCcLOCpw3/h1/WT5ph iTiM7d9ml+odGmZ2XsyuXvxvElt/ljA4EUTwNsBd7N6yCiDEbsw7RfQL4SwXQ4/B AZkR2m0Xk7PNxWgu+xUEr8J4H3Sh6HcN8K3zPRNzlam2lrOQtDPPELhtdk+xFq8= =WtGT -----END PGP SIGNATURE-----