-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org
      pub   rsa4096 2020-02-05 [SC] [expires: 2040-01-31]
            A8B2 EF42 8781 9B03 D351  6CCA 7623 1C20 425E 9772
      uid           [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org>
      sub   rsa4096 2020-02-05 [S] [expires: 2040-01-31]
      
    $ gpg --verify debian-10-turnkey-xoops_16.0-1_amd64.tar.gz.hash
      gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-10-turnkey-xoops_16.0-1_amd64.tar.gz
      1a9bf1de3b5dce1c023822591e81e5588d2aaa864351bac95b8d0f96527194bd  debian-10-turnkey-xoops_16.0-1_amd64.tar.gz

    $ sha512sum debian-10-turnkey-xoops_16.0-1_amd64.tar.gz
      c72a5895f1054dbe70a6bbb31b2ab4609ad94c7fb3a5c8a87383771520da22e63d213bb181c25c13e5e8c3fe6366ed8a142133c01fa4cbb682d8e26b8d90153d  debian-10-turnkey-xoops_16.0-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-10-turnkey-xoops_16.0-1_amd64.tar.gz.hash
      debian-10-turnkey-xoops_16.0-1_amd64.tar.gz: OK

    $ sha512sum -c debian-10-turnkey-xoops_16.0-1_amd64.tar.gz.hash
      debian-10-turnkey-xoops_16.0-1_amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl7co0UACgkQrF6wBJPl
vBw4ZBAAgbSs5gFYdJerBhgbGGKQVHUyU6bxh0O2AuiFZiYJF2Htj6VeOq15JfG+
15m8QwXEJ4aESW1CAHHPV8ZeATLeeHvvnR8ogIuxqUZRNlHYnWGa9+9Dfp8NoTRP
K8/TxBZiGpdEoJsqGUfK5WqZqyDBIAQaeNVOftijXf0+/8IqeW7PGynfRRNFvBRk
tTS8/op0wEm6LfCx6c+pziwIRpLLOC82d9ePMC+9n+XNPcmH0MjkieLRMbWGXf/2
l5v2COx9+vZEiVo/9o9so8ILYc8E2JzgapMNISfOM5goeg5RoR7mG3lSH2KdJ3hc
jrYLnoHRyGO/dMAhr41UwHmA9nZqFxXLlTgkgtMweqXa6eUpkOm0ERXR86qmO3iL
AsnzUFWJvEEeNSqh2vY7uNX7yCdKmX3yjfkkiP+BvVw4iaj+jVSFXhv/rI/u+xTx
PVmFl6XciitDffbSVZvDEUPgxb9Q8DSSR2co0Jn9PDP49clxImlI1cbM3Z1clYej
QU70zfM4VxmQu+7sT2TGbdBslNnZIl2T2kg69GZEYDXgUANutmQTNG4jmRs4sbjQ
sAgfuu9hWABGSDIQZMf3uzOwqvW9UD3uHxAczSR+vsAW9RCqphj6uD6dk0A5/LUT
9nCH0UQmWyy+wwXwb6rx+0qe3E9cLeOH6vVmSENvbygS+IzQBqE=
=llRp
-----END PGP SIGNATURE-----