-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl | gpg --import $ gpg --list-keys --with-fingerprint release-bookworm-images@turnkeylinux.org pub rsa4096 2023-05-22 [SC] [expires: 2043-05-17] 2614 7592 087C 0EDE 4214 3B63 7761 DEBA BBCF BA7C uid [ unknown] TurnKey GNU/Linux Bookworm Images (GPG signing key for TurnKey Linux Bookworm Images) sub rsa4096 2023-05-22 [S] [expires: 2043-05-17] $ gpg --verify debian-12-turnkey-mediawiki_18.0-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID 26147592087C0EDE42143B637761DEBABBCFBA7C gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-12-turnkey-mediawiki_18.0-1_amd64.tar.gz 22de8fa407388f49b938d30058d2ea973f021fcf9b31cc03c61a23ef38357e2c debian-12-turnkey-mediawiki_18.0-1_amd64.tar.gz $ sha512sum debian-12-turnkey-mediawiki_18.0-1_amd64.tar.gz 3756f5606f122b29b112f3c732b1fd40b87bd000b669010e30375e2835bf0b0b670d4d54c0c61bb555dbf5fe010e2b6a53f64bf54abdf6c3c0601ce6a8e2b595 debian-12-turnkey-mediawiki_18.0-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-12-turnkey-mediawiki_18.0-1_amd64.tar.gz.hash debian-12-turnkey-mediawiki_18.0-1_amd64.tar.gz: OK $ sha512sum -c debian-12-turnkey-mediawiki_18.0-1_amd64.tar.gz.hash debian-12-turnkey-mediawiki_18.0-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0achB3UVKiMsY4ckkPLGHN5q3jcFAmXIsWMACgkQkPLGHN5q 3je7Qw/9HRs93Fn4bboVePfi3AvC6liFC+kcOBGHgvjQefavj7jhx6LyPgmd+dN9 otWJr0iTNKis31Kr04D6/Mu20MKt//kc3bmJFKtnbohDsBZh+cc2JuM8Qn8X6OUu O2C0rG5c58LYV3VlzVTOSzuNEi+HsYKtNUq08qbH3RTFMvPGHbQCxIpNtIgC5QEP rvwNMYYLnmVb1NlRs2EvGjqvwNoEa5AGre5vNmyB4ETpphbbmCHGnxDL30cctX0S DXFMMlnouW38bfhBa8WAnV7W0+NSvvK4IlXU26lo59YmPHvEXDPkl7c46/bzutY9 Bxh0A7aiMyEUIfGGTzvdea46KVCIEQTFc2JU7fIpbepS10d4gkHb1DbwhTszQaOl dUt8cWQSgXNAJig8W1VzCIerhJuWQF+JMbhfbsyS61piFRvn2lxcxvbLvSjqJiLW SscBgDoa16RLes3qc5k4gbpFkyYD6yYOyaJkRvQvbAvr8BLNJOa8z5+Jw5RM6TQe NlHtmhevKiDonN3IOtxlIrK3st3tL3i08p75ga1FrQ5qtjmaX4elcWJADRJb7Gzt JcDnur2xV47BHn9aU4toA2EaIS1hRGUVMZPTTWr0afAsOJeQ1GpjyFbFBipJCjL5 2qKgxYgg/HNV4ugCGhPGF/V7ONJ/oW8JNVc3T/H9yqUPd/8Bq1U= =mUVC -----END PGP SIGNATURE-----