-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify turnkey-symfony-16.0-buster-amd64-vmdk.zip.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-symfony-16.0-buster-amd64-vmdk.zip e4955bf56de9d5614a69a50add47ed81aa547c478119c597285155971ba34d20 turnkey-symfony-16.0-buster-amd64-vmdk.zip $ sha512sum turnkey-symfony-16.0-buster-amd64-vmdk.zip 97f1e707f08bb55b3030119d3cf22c8fbd363d9761f88f754a389f98e33e56367a9cf150beaa3d228a18e5be95d7755b0731e3ff6da6cb1333fa7a3a32ed99db turnkey-symfony-16.0-buster-amd64-vmdk.zip Note, you can compare hashes automatically:: $ sha256sum -c turnkey-symfony-16.0-buster-amd64-vmdk.zip.hash turnkey-symfony-16.0-buster-amd64-vmdk.zip: OK $ sha512sum -c turnkey-symfony-16.0-buster-amd64-vmdk.zip.hash turnkey-symfony-16.0-buster-amd64-vmdk.zip: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl8UCgQACgkQrF6wBJPl vBzKPw//T1/KRAPa9dWM09IHVPYnup7hzyTgEpElFUT3a3Lg1hiDmWOz/9HiTGot Qb8xT+LZn3hKcSdOJ3+TmGMyTMnC+YsOhqvgotQ4FPIRBXOet0cWnSurIbaSuH+X qec51VJlm2xK8KHr40m+IFTKOsYEzxr0yhemZEVzVl+GACmhQQFlVJAejzZaB02t IHVaLeqxodpgUulzVDhdkdC0F1XppOxD7sq5yAMpBZxXRNJ354a6fhdmeZXpFHed C3vaVmIrx5DlnzwCyL1YHWuhSGCn2LZFOz7IuYZLRGzkuTqP9nBvt0a4c6RmX4nb BAwUIp31rWiJHT6p1byg219y4gMc6yen1XcCNLSrIIjYEQXhI8cSQ+Ko+Lqz7Q9E 3Ku1mwb+PVkfcVOLv/DicdOlV4yBd5L+buefPqr8sIyWBj72sg6codMnPCGf1N8r XxWHHaQn17IsnGR3bQXpI0Wu22hygIcUWe1PNGo9MX4k2ccMQGqautB6s+lsFFQ8 xNWT67StTZbdD/wC2ia5mMR07vDsQCY0dyofCKyWKNbe1eEW2EuoJZewFa+3K90f p1yUlW15E6gGoLhO/wfwIKrafk2vNYi9hdMNSYQF4XaJliuXPfntdh8DhFBfRUhY WgITEEdzK4P4nliSJ38D7bmp1O1cbjM25mGu0fby5WuligaD7GU= =crM9 -----END PGP SIGNATURE-----