-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org
      pub   rsa4096 2020-02-05 [SC] [expires: 2040-01-31]
            A8B2 EF42 8781 9B03 D351  6CCA 7623 1C20 425E 9772
      uid           [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org>
      sub   rsa4096 2020-02-05 [S] [expires: 2040-01-31]
      
    $ gpg --verify turnkey-cakephp-16.0-buster-amd64-vmdk.zip.hash
      gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-cakephp-16.0-buster-amd64-vmdk.zip
      09992b691fa02d941a2a002ed0c908ad387ae907859bf05ff6bece87f7315d7e  turnkey-cakephp-16.0-buster-amd64-vmdk.zip

    $ sha512sum turnkey-cakephp-16.0-buster-amd64-vmdk.zip
      8ee0e9f6824a0a205b13bf699e09b2b270d3cdbe7585aa1bff2efbdb62859294232b7698897ecf7c7c480a02247f5890015ecf60887e803968bea9db8c119551  turnkey-cakephp-16.0-buster-amd64-vmdk.zip

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-cakephp-16.0-buster-amd64-vmdk.zip.hash
      turnkey-cakephp-16.0-buster-amd64-vmdk.zip: OK

    $ sha512sum -c turnkey-cakephp-16.0-buster-amd64-vmdk.zip.hash
      turnkey-cakephp-16.0-buster-amd64-vmdk.zip: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl7KTbAACgkQrF6wBJPl
vByZsw//S1oBWIhk32/C1nnTJvv9xthd4pLVtGOjQhZudGMg3++NpVxJCckza8He
EGDQunrosgp4DvRrqIgnAvg9k05ssgBlZ/CQWx17Ve0cySdl2RPA3wF9UegDihLN
8/tOaZ0bRvS+r6+0Su+Z6Z1RFWOcFVE7SVRIvYCVW9BHOqdzAztQckQOfzy1bguG
kbLk0yxvI+eTg/Mtr9dm09N1goLdFT/jDa8dkTtdtKmgTEVVWvez5JUTd0Db6T38
r5jmEFicK7xbWjXjCA5lrz9Ralysh0piw08XmXOST41ng+v3QTFsPTjSfR9v9ond
LYGOJJk58Es4Y6VQGtwJkTz75NnWXNfA47R8YEr/+gP3MeBjlr/fwuzHIV3DN93C
mzaSRM3KGHNazteQXKdN/y24i+ctT54FKr1VGHbCEAOSQGjOH4Z4sUXhWitk6fsr
QzGJi58MOR/SG0pFCkJg8DFlZMzG3wpFbpQ8yRCER3Pd30abrTsCtEqHeQupF98c
Ap57F/+jkVumMoX+QKRi0eO6s4oriHNNLcAp3zgpyf9IYAIWYMxWs5KGxmLg99Uj
1eVv1vtGKiDBfszedmth/jBMi4i7kFwlcW+90lpqLOWi5W+RgBBCBQjf1lEEmXx9
u0AzAa07zGIqC8Behe1pKBlZz1unkbUzE7HgWoDpNQ3TWhV+Scc=
=Mx3J
-----END PGP SIGNATURE-----