-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify debian-10-turnkey-e107_16.0-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-10-turnkey-e107_16.0-1_amd64.tar.gz 2b902e10a7ab8d26b5e9ed49418c158599d934d38ece13bd2d51729e7630b423 debian-10-turnkey-e107_16.0-1_amd64.tar.gz $ sha512sum debian-10-turnkey-e107_16.0-1_amd64.tar.gz cdace509759c8191992b8b8a5189e11598efe2fa66510d0e68345f09dc1b57e0e2bd938c3a817243f552a3b0f3c2bb1f525eb4262da0da93949ef4398e371ba6 debian-10-turnkey-e107_16.0-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-10-turnkey-e107_16.0-1_amd64.tar.gz.hash debian-10-turnkey-e107_16.0-1_amd64.tar.gz: OK $ sha512sum -c debian-10-turnkey-e107_16.0-1_amd64.tar.gz.hash debian-10-turnkey-e107_16.0-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl7BD8UACgkQrF6wBJPl vBwIdw/9GKvfy/gRDoVueqa87UtRSu4saIN/Tdna0xeTQiw6Ul7qwW3he01Eg3UE epkKB6Ti9o4RmTHFLeHZsuKG8N3Q4xgSY51FsKSJrDnB7lFZvaAwvChUSwETWF+U Re+kHXJZpSvJMDt+i8aPXbo39U2D7FccudpDLagkuDma8bm3jiGvcVStHqE87Lq3 QJIwn9EeyzZTczCizcUXOBDp2dYkQ3K0TopbgbAI4vb5zTXlPcxFWBshbQaHexCN ieqvSrKWg6kiBiMCJNacxXCb683iUDkXYj+jZGGvUgPec3zRIDg9j09AKdVrnRKo h5RRqplFJp6ew4hQxA4x8mNkaQG2zD6+CFXI2uIlyglpzyRSn+8cWyi8gQdci9j2 Xxi2frosIsUmf4OfvbHz2aN6ZdF6wjII74gcuzeLOSHtUPFSGE/V5nhuu3+qXYkR tHTVmuZa3qIBi2ukqCTC/gS0poLpcr0zdXeHgsJSZdCkCMshBFnODfZ1JOB+rRIE ZDRqVLs50tRVepWyYGEm/cUDFSjZH2dM0f/Da76BjKorlExvxVo7Vsc/qIPE02dE 24/pEkffw8A0NEjltbDENI1i0JE9UILl9OfHL7gOmHkSYHi6SrqanRoUP8NMwnsM ULr+RP8Rw2CoQZqpE18TbTjAIPdHQOBDejCcLEakCHpnWqlLOLc= =2ibC -----END PGP SIGNATURE-----