-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/18.x/keys/tkl-bookworm-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-bookworm-images@turnkeylinux.org
    pub   rsa4096 2023-05-22 [SC] [expires: 2043-05-17]
          2614 7592 087C 0EDE 4214  3B63 7761 DEBA BBCF BA7C
    uid           [ unknown] TurnKey GNU/Linux Bookworm Images (GPG signing key for TurnKey Linux Bookworm Images)
    sub   rsa4096 2023-05-22 [S] [expires: 2043-05-17]

    $ gpg --verify debian-12-turnkey-tomcat-apache_18.0-1_amd64.tar.gz.hash
    gpg: Signature made using RSA key ID 26147592087C0EDE42143B637761DEBABBCFBA7C
    gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-12-turnkey-tomcat-apache_18.0-1_amd64.tar.gz
    21ae0b8e945c2c73794d50556d6224e92909faf47ef886740c2fc8fda196b260  debian-12-turnkey-tomcat-apache_18.0-1_amd64.tar.gz

    $ sha512sum debian-12-turnkey-tomcat-apache_18.0-1_amd64.tar.gz
    5dacb87f5a65e14fe75ee0dbdb7c4b39723692afac08751f030380bc30aad81f8880c57043757f4a40e6e188702d1be5c74e49f06d29e5a3c5a9398117f144d9  debian-12-turnkey-tomcat-apache_18.0-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-12-turnkey-tomcat-apache_18.0-1_amd64.tar.gz.hash
    debian-12-turnkey-tomcat-apache_18.0-1_amd64.tar.gz: OK

    $ sha512sum -c debian-12-turnkey-tomcat-apache_18.0-1_amd64.tar.gz.hash
    debian-12-turnkey-tomcat-apache_18.0-1_amd64.tar.gz: OK

   Final note: when checking SHAs automatically, please ignore the warning
   noting that some lines are improperly formatted.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
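
The two steps above combined into one fail-closed check, as an added example that is not part of the original signed message or TurnKey's own tooling. It pins the release key fingerprint shown in the instructions instead of accepting a "Good signature" from any key in the keyring, and it reads the digest only from the text the signature covers. The function names are hypothetical; it assumes GnuPG 2.x status output and that `gpg --decrypt` writes the signed text of a clearsigned file.

```shell
#!/bin/sh
# Added example. Fingerprint copied from the --list-keys output above.
PINNED_FPR=26147592087C0EDE42143B637761DEBABBCFBA7C

# stdin: `gpg --status-fd` output. Prints the primary-key fingerprint (last
# VALIDSIG field) only if GOODSIG was also reported; an expired or revoked
# key yields EXPKEYSIG/REVKEYSIG instead of GOODSIG and prints nothing.
primary_fpr_from_status() {
    awk '$1 != "[GNUPG:]" { next }
         $2 == "GOODSIG"  { good = 1 }
         $2 == "VALIDSIG" { fpr = $NF }
         END { if (good && fpr != "") print fpr }'
}

# stdin: text covered by the signature. Prints the digest listed for file $1
# that has exactly $2 hex characters (64 = SHA-256, 128 = SHA-512).
digest_for() {
    awk -v f="$1" -v n="$2" \
        '$2 == f && length($1) == n && $1 ~ /^[0-9a-f]+$/ { print $1; exit }'
}

# verify_image HASHFILE IMAGE: succeeds only if the signature is good, the
# signer is the pinned key, and the image's SHA-256 equals the signed digest.
verify_image() {
    fpr='' want='' got=''
    tmp=$(mktemp -d) || return 1
    # --decrypt on a clearsigned file writes only the signed text, so lines
    # added before or after the signed block are never consulted.
    if gpg --batch --status-fd 3 --decrypt "$1" \
           >"$tmp/body" 3>"$tmp/status" 2>/dev/null; then
        fpr=$(primary_fpr_from_status <"$tmp/status")
        want=$(digest_for "$(basename "$2")" 64 <"$tmp/body")
        got=$(sha256sum "$2" | awk '{ print $1 }')
    fi
    rm -rf "$tmp"
    [ -n "$want" ] && [ "$fpr" = "$PINNED_FPR" ] && [ "$want" = "$got" ]
}

# Usage: sh THIS_SCRIPT HASHFILE IMAGE
if [ "$#" -eq 2 ]; then verify_image "$1" "$2" && echo "image verified"; fi
```

The script exits non-zero on any failure, so it can gate an unpack or import step directly.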