-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify debian-10-turnkey-openvpn_16.1-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-10-turnkey-openvpn_16.1-1_amd64.tar.gz 2bc49006edf76980d4ee5a355ace77e334c603cd0180a0d7664a2444c6ab038b debian-10-turnkey-openvpn_16.1-1_amd64.tar.gz $ sha512sum debian-10-turnkey-openvpn_16.1-1_amd64.tar.gz e8278a08cab8a22ba2288b1b82b07f86e69505c16c7937e909f5ee5147c5667c5a29a0f5892733204c3a413dc274514aeedb2b954678abd5bbe6344a854b82ef debian-10-turnkey-openvpn_16.1-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-10-turnkey-openvpn_16.1-1_amd64.tar.gz.hash debian-10-turnkey-openvpn_16.1-1_amd64.tar.gz: OK $ sha512sum -c debian-10-turnkey-openvpn_16.1-1_amd64.tar.gz.hash debian-10-turnkey-openvpn_16.1-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmCOURQACgkQrF6wBJPl vBygnRAAp97bkMMFZ5zv5082A2hawk2pn+gZXazyG73jhKI2lBlnpOJYVqyt470V MoTKUJ1KouJalQ+tgKPQajFvjeVsJ7JnlNxO2DJ57xkJARkUiINNMIOaDedJBg0D Gl0wcTY4pbyKprGK23gZhVuaIG7Kbop+QlS67BgNxMPR+j1krkqxarMwm7q1XLq/ 3neS59dpkyZCgcbpebU+Gs90in/iWQJPtvbOr4M1fCSBpVGQt/Ls/RbxpAk0EeN4 VBPIVIubhUc0o0MQNcpdWhvVnlM64Efv+NAHwX/U5XUHQ1YatNXXcPzQUhj8aULG aBAh3TEDjufPXbLDgBSZYd9/rRGug65dXHyBPIV+D1n1uDO0hl8hivHIoLrDVvU4 wQz2MTl8Yx0U2qtWYo0CprM2WSb2ybRCwLje6K3HXPd8bErayqvt1hbGV2mfVDLN akVWxG3UtohkeVC5zuN8ycRbQxaNkknWmC1kCUA9+veofRREyCuiq+lNrHcbK0WJ qnkyBDm22mZjHYE6aV2XYqaykhD1REND1o9RAmTvNw1LggzbHpwoXytsc6w/FDVm retogt8J6XkXgdI79tOnAOKXLm2IgSLlQbW5ewNNY7Od2Xjs9EdHSzhzzSSIrhTm T4SKkU6P5Ho7P/S7QYADVs+GEinICu00Q6zwMpI59SWSeWdeh/0= =X6BB -----END PGP SIGNATURE-----