-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org
      pub   rsa4096 2020-02-05 [SC] [expires: 2040-01-31]
            A8B2 EF42 8781 9B03 D351  6CCA 7623 1C20 425E 9772
      uid           [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org>
      sub   rsa4096 2020-02-05 [S] [expires: 2040-01-31]
      
    $ gpg --verify turnkey-bagisto-16.0-buster-amd64-vmdk.zip.hash
      gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-bagisto-16.0-buster-amd64-vmdk.zip
      d833de26e34009ae525723dd496009ccaac44fb0f2ab76d304d758a8ec26a3ab  turnkey-bagisto-16.0-buster-amd64-vmdk.zip

    $ sha512sum turnkey-bagisto-16.0-buster-amd64-vmdk.zip
      74397275841838a23863e4fc8166d418e77457b578254f774ce64730ed7b27af8ff0ee3892722393a3aced553f18a71a9542fed9c9f752256d4bd23833438ffb  turnkey-bagisto-16.0-buster-amd64-vmdk.zip

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-bagisto-16.0-buster-amd64-vmdk.zip.hash
      turnkey-bagisto-16.0-buster-amd64-vmdk.zip: OK

    $ sha512sum -c turnkey-bagisto-16.0-buster-amd64-vmdk.zip.hash
      turnkey-bagisto-16.0-buster-amd64-vmdk.zip: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl/YwaUACgkQrF6wBJPl
vBzwPg//UFn+zLPplwLyN3CMte+gHrnVHrW2DKEu1gSliG9G33MUJNiBHtH3LtMT
z7KQJNdb5umJVnVYdyvY1q6LKH2jrGQALbKzyHaLCiEaaF0LLpn3xWdDXvNwfMyI
rDc+E6EQaFhn3qhHSiBCYihveyFFq0vLsE6scIZ3G68eE3oykWpYAMFSd/cvZoE/
LPm5lP/nd27DS649NMxCe/JY+5plKgzty4fZh/tfEzdB2HI++ytb0CsTSKS6etz9
WAqRj5xAEuWYBS8gt+L6n+PdiT11BPkpA4VhuAKvY+b3O7d6PCY38L2A+NmlJQIY
tgG5rGC60k7xPfk73dHDpeLO3UtYXhOeaCh9tcg0Bokhew6mnDr31XQK70GdGDGX
C+Dbs5IEhyHhGSvZBDUYJX3/G5ctfxDvbgVMJiUNouOI8idntNUTAIjo4pdzFaeC
1j3PwfrS8KLFZUvdIiA34vdP30+/VRjhpF9VAwcIPJXV//ZbJa5rNJ953dAK1nET
+AnyKr7gIKFpDj9CT4WfUvgw935DdLEMVh7uXp/5SRyXK1X49c6uljCzEvjQrNxr
4tssFIyiEIg1rcmxtVcC512pYkyEx8L/vNijbZ/CZobEXq2ryeXCINSrNmrQPMTh
RkNIjqnmsF5i8soy+LP8AgYY9h69twUU4XqptvXmC4s90JXwZGE=
=jZYS
-----END PGP SIGNATURE-----