-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl  | gpg --import
    $ gpg --list-keys --with-fingerprint release-bookworm-images@turnkeylinux.org
      pub   rsa4096 2023-05-22 [SC] [expires: 2043-05-17]
            2614 7592 087C 0EDE 4214  3B63 7761 DEBA BBCF BA7C
      uid           [ unknown] TurnKey GNU/Linux Bookworm Images (GPG signing key for TurnKey Linux Bookworm Images) <release-bookworm-images@turnkeylinux.org>
      sub   rsa4096 2023-05-22 [S] [expires: 2043-05-17]
      
    $ gpg --verify bootstrap-bookworm-amd64.tar.gz.hash
      gpg: Signature made using RSA key ID 26147592087C0EDE42143B637761DEBABBCFBA7C
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum bootstrap-bookworm-amd64.tar.gz
      86f20e18875aa2c627e37b9bf65b94a5468da681fba995f2cda0a4dccbbc6ab5  bootstrap-bookworm-amd64.tar.gz

    $ sha512sum bootstrap-bookworm-amd64.tar.gz
      a725fd7dcaacabb6a076a6051aadffbe2cb32c6717127fe689bd010fe6b56bf70a9a65156b8f4facedd14e4250a8422b74d275bb510975446c9c65959fbfeb8f  bootstrap-bookworm-amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c bootstrap-bookworm-amd64.tar.gz.hash
      bootstrap-bookworm-amd64.tar.gz: OK

    $ sha512sum -c bootstrap-bookworm-amd64.tar.gz.hash
      bootstrap-bookworm-amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0achB3UVKiMsY4ckkPLGHN5q3jcFAmT9iqYACgkQkPLGHN5q
3jf7Iw//e2S400VwP1zjS+1M9G9PRt9NkZGYk0x+3dKdBumFlvIFWB4cjzDbBdSv
Z6/ZoV3seXJMlTI2I0TOPEJSD9Ro3SwnU28KKeGZSjLi8sZi2BKSJj4pWVncW/dt
JAnZ0qQ5lMUb046E/0SyLph4yWZPqEU5yE7u1ytB4IN9XwPl27Tpo7W8pEtx2XDO
jeZy+uXPO0K8ER1NMerT/zfy8LjZm9SZIzD99/ieI0WS0S01tk2SMu4xKlNb7OY+
BX008vm3mpH/jjU5SAStPZTi2vL3rkYewuOZJ6EYdZTiLnIi8n2dS6iv6Co7CDb5
8iJZWO7NWzjWhT1vk+4vhR6KQpQwa7Dqk9odVkiPu6kOlbcdbwqlE0b1O0f4CLHv
NjL/ziIj3rSxwrGwM9x2GDLR/M81aZkk977UqGGv5drMRmgLTe9AB6eSfaJkAav0
V0BOGpu1/qXW9SK39i7oYyMa3OCPouJGzlqhCyMnxpPEab124RGKir0hxZcMVZ5K
aMPhpe4xRD3sQRpt0f4Rtsz2+8Tgr8FDfgfrupCfUjnkZOCAirb448XSA7aKASxH
302n2SMjiI1PefKGXnGYOfX+HHp0WDGukVtMtiKxUoFA4eVyeHRR9RbZyHHvJrxk
akl1uOsw5a3N4e+epf+5W4h0sfet/7AIbpa8Wto6XtvK1s5ERHU=
=XwNQ
-----END PGP SIGNATURE-----