-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-redis-15.0-stretch-amd64.iso.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-redis-15.0-stretch-amd64.iso 9272c5e1ccc426db453cf4cf4101f43c73771d39b6992890d4585e3236a3fbfc turnkey-redis-15.0-stretch-amd64.iso $ sha512sum turnkey-redis-15.0-stretch-amd64.iso 3762e84a873d5271ebb64b126a9557357944405b8dd9cc992124342bf987bf91a8f08188b04b3976b5ab11be08f4e7fd4817b77a8c0e93d299df002ce355e9a6 turnkey-redis-15.0-stretch-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-redis-15.0-stretch-amd64.iso.hash turnkey-redis-15.0-stretch-amd64.iso: OK $ sha512sum -c turnkey-redis-15.0-stretch-amd64.iso.hash turnkey-redis-15.0-stretch-amd64.iso: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAl0THAQACgkQhcJelaFu uU0imwgAz7yokCFJQyPscubLsPNh74/NBHdRK8p5qy/V0SnUS2XWHRorlCcb/kOU prQxtiWuRbH0JXZ8Op4sRAaoao1Rc2ODWxyRwXJ/wXgawkLwTP4OhzwOSqI5R1G4 nwWITUyAW7VKvrvacx2s2RBuAtKiK3LuSoHXiqpOrHeC7acaAhlVqcPZHDYnE+1/ 4CZJXzRoM9v1SyrjArY6gxjT5NixT/2qnIHr0jC904DN/f+TVwBc8p9Sb+zeLUUP iRumRJzPohDl17KRCIDTSbHdB3kq9jyvK3sE6ojAc7rxEFKnYan3/Ke9LOzN0jbx atA4cpD5A7r93/8vvQaxQ7kLbFMF2w== =CsYE -----END PGP SIGNATURE-----