-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify turnkey-processmaker-16.1-buster-amd64.iso.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-processmaker-16.1-buster-amd64.iso a81516d24043370e68ac0f1d1514f28017f71c3a8d8fae1c7bbe42a9d7ce9f44 turnkey-processmaker-16.1-buster-amd64.iso $ sha512sum turnkey-processmaker-16.1-buster-amd64.iso 242624d01f25ae9d92e116d168ed6ee477f0864836351fc7378bc56f5274326c661d9e863c46a60eaf0d0012af3f74f46c6fa96b4e34c4cd910e354cda0a0f41 turnkey-processmaker-16.1-buster-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-processmaker-16.1-buster-amd64.iso.hash turnkey-processmaker-16.1-buster-amd64.iso: OK $ sha512sum -c turnkey-processmaker-16.1-buster-amd64.iso.hash turnkey-processmaker-16.1-buster-amd64.iso: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmBh2OEACgkQrF6wBJPl vBz1AA//Sv0A8YjRTXQVgGTOjYcjM6U1lVSuSGzg6+pBb+eaPDo95ygLPSyXbpBL ZEvFt22XwcuHaVOtpHM7Cxzc2lWMxLkZ9knOZmHV00MAuTUyDcPHlAaTNrkdJYke SEUyrltXPC9fdWM7fe9fGo4iFIRlcLJPc8upXS47JfwiP30Slk+fySdClrHRH/aT dqYzxYw4N4NSxs6xRCczNiMT8efxJC48vZa2OzvuhGlPCbvGgcEMcUVkwxUcpy29 2oKEWnCSxoZ4LKaVkjK8gU2a/8eYPguUmaYb7Y47rgKF1G97qHgZ70zLzTL0Q4Aa pPMIEZzF1iLds0O4I60TtjBtt29Nej0rbcwhmjMbul3DvMsabYpvybSk043UudUJ qHpiF4TYcJuO9KoNVPG6kkKV/bX+CAh9PzV3bU/ARi99P37/Zktmwg7FPr+udMOU KD6DDZkWsMJrWY0mk0c0ReW6lawMdq3z53aDcIVe171uuxGGiH8Pd8WG59VNjz08 oowd4YqgjXCYAftm8/iLgp8xwcYCaBHgHXz4LmD0d3J8zpHPbt9CUMXXO1MQumbo Kg8bO7L690PNGHlQZdSnoL5eHsp5iC5LH5IwCK/iWJ3vJseuk+/XLzgDPfCLCMcw 6ckAFzvurKmr1dEPjg6OLXo6b16cZNy2KkUlV5Pyi+sPgP6nYAY= =7azk -----END PGP SIGNATURE-----