-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify debian-8-turnkey-couchdb_14.2-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-8-turnkey-couchdb_14.2-1_amd64.tar.gz 83170eec738e55b2d2afe89b80638124e8752032587d5679f5326a4a7828bded debian-8-turnkey-couchdb_14.2-1_amd64.tar.gz $ sha512sum debian-8-turnkey-couchdb_14.2-1_amd64.tar.gz c7712726f5af9d4aee41a51ea8badeb0572f330dd5ea9caa1d967eb9c6263e1b3d3e5c2edbbf96168dba44d1f06d3f6c1128fb1d5747e972c9f04c833bdd171e debian-8-turnkey-couchdb_14.2-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-8-turnkey-couchdb_14.2-1_amd64.tar.gz.hash debian-8-turnkey-couchdb_14.2-1_amd64.tar.gz: OK $ sha512sum -c debian-8-turnkey-couchdb_14.2-1_amd64.tar.gz.hash debian-8-turnkey-couchdb_14.2-1_amd64.tar.gz: OK -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJZfb14AAoJEIXCXpWhbrlN3gAIANadE6BasubfBLHuwghFRu6t uXLCjvU4jcTYgqZmrf1b4tC/NSla58FtqONs1p+tNkefcl5eXeyolymLyFpworqo Fhok0ta6o9bU2GJQ8mqpqUpR9Nmco/4OSjSsAqOkAW0Aw8HLjqzFQYePuIVZqiwi H+cSCw3kFAG4ll5m5mhevHskQVNSUy+I+VeF0EnfTlLLLna5T67IwuT40iNnh3Kt UMUm206RA8mcxlp4QG/XByew82wMnszBfbLxQ/cYwcqz9b/ZS2sBJO9O8IId2RMI 12UCv8pjL0lrkKtdU1Lr7DiUouozZhXAbF/aSdN+Rm/GqN8xvGVLM6G40IfEYvw= =bP3r -----END PGP SIGNATURE-----