-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify turnkey-invoice-ninja-16.1-buster-amd64.iso.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-invoice-ninja-16.1-buster-amd64.iso 26d1cbae1224b3af07e5302bac98947fdcd366f3a4b2ecd2246d8a1f063ee3eb turnkey-invoice-ninja-16.1-buster-amd64.iso $ sha512sum turnkey-invoice-ninja-16.1-buster-amd64.iso 5fabf20de0c24e9a2506b1f7b8360dc9aaf72fc750d9e4e330b86098924b4276ed09e577bdb485f000eac4da34b7f8bd39089b26db18f5523c80782f427f290e turnkey-invoice-ninja-16.1-buster-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-invoice-ninja-16.1-buster-amd64.iso.hash turnkey-invoice-ninja-16.1-buster-amd64.iso: OK $ sha512sum -c turnkey-invoice-ninja-16.1-buster-amd64.iso.hash turnkey-invoice-ninja-16.1-buster-amd64.iso: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmA7b5oACgkQrF6wBJPl vBy5yxAAl6Ed5KsA6fhAGOuMbrx/oYdqwAN1JxnoTpfLcTNUoLD2a9zxsAmkM076 uVGm7QRV+LcLXWb+gnRfk63WYG9lzBdkQTyutM/NO6DBOb5oOHszJebYEZ2W/QYS GWYkGGwfTsybQyEA1mmyxIKGb268JRwcKn4uvfSi0FBax5EBI7MLOAXcxH0Tib/i nN+pM7Rj5APCk9w5FZbwTBF1brshe3HmVh16biPMnmhowiUS1HDJDoe4KioxuheK XpVO3n61/1zijpaQfGHYoTclxKQF09RWVC+mDHCl8FoDvynWgrvtns3hny9ttVV0 UVFXsAxJ0wfKoEf8927L+tXGAZ4spQ515Pd+juF+PaFqqFcjRV5302zRC52WuM/h kFogcekLU1/29eE4y4D/2JuVLiVexPq1bWGN7kILytrd5r2VRjS9UZcfqCwhv6em jTj/W9uYuwIad6toXPJjR5utsquvPg2bBpLYx+FXOWpUcH9dG4ljp9AWdK9ymMqg 6AWPDaGP3PoMzVKdnj3ksMECCVYu+mJwErr/FskUUnHfqPCaLYY2B1bRwDyAmATK LiDsvtFI+3g/Zi+txy+E+PUj75M6IEq5sLlUOlmikpd54IGxgdhw0qOOFw2W7Z9L TE/8B57LhEvYbB8FV5uvZI7YzAb4G1+hM6uU0z6OQTazGknY3QU= =crNY -----END PGP SIGNATURE-----