-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify turnkey-revision-control-16.1-buster-amd64.iso.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-revision-control-16.1-buster-amd64.iso 862e2e055a1612218f93f747a64ae18f993aca3f6f7a9bf392deec96aef3578b turnkey-revision-control-16.1-buster-amd64.iso $ sha512sum turnkey-revision-control-16.1-buster-amd64.iso 247159f67b4b6b6236f8b58e79fe97032b8d1a02898386acb3b736a183cebdf09dc845cde4ba6a2e708151734ae756d052ba6451ba5aefb86ad12e00783bc418 turnkey-revision-control-16.1-buster-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-revision-control-16.1-buster-amd64.iso.hash turnkey-revision-control-16.1-buster-amd64.iso: OK $ sha512sum -c turnkey-revision-control-16.1-buster-amd64.iso.hash turnkey-revision-control-16.1-buster-amd64.iso: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmCzPrkACgkQrF6wBJPl vBxuXRAAwP2FJdPp8P+AnahsYBZDwvrT9gtIe+ydIA2HFAr/7ImUwqKaYG+17koU L/x+NqOgDdDJ51gP2+QjVDiVW2KVBVUtttr5tlI+5Mz+trMJiyLzsd636xj+OkT9 nt5yS10j9unD7vsUlSgixN5KMuwaNBUXd9XwFq2lnrjOKxDlTfopWQ7eYk5Y4wP9 AUMrJ9CeXnrprQDvPvgp+15F/K4BdBCdwBV3UgZZ21tA1msfXHTxa+zpTAAZumJw o0mQhL6Fdb0nUQfwJZ+cQiNAZXf8Zn5dWFiXzQ1H2x7eQd4oVqM6kBkZ92MZLfEJ 8cIhyBmbmUL151TeGJ35jY+uc1gy/ul90KM1ReROARYYcUrXvfXraSXAsWvAGhSs 9pQzO1UrCOC0Q3CXnG6NoIUbMDabUQ78Wz+ndcnv3SkmbxyD+QEsqtgf4Qmkmkq8 Hqri7VqdFUZUi6nbccG6OQYdJTNGxpGm+JQKNLXZ4odhBIaCFPjbshG1jsZ43peg fsEqdutwLZcrhHe3ukIzbcI+jWxwRAe1uAffjI56eT/mId8smyuWoFCMY0GUU9PO HQl0u3ubct4kwzgDg0Vb04J+8P1xw/XLSDSMk3NOyisDBJ8pPTI2cqeyLqJHvIBz fKHEoyb/j9QKs0saNHsgGKUdwYfi4d3lW/6F7lsjmihYHVR7jIs= =59zf -----END PGP SIGNATURE-----