-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/18.x/keys/tkl-bookworm-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-bookworm-images@turnkeylinux.org pub rsa4096 2023-05-22 [SC] [expires: 2043-05-17] 2614 7592 087C 0EDE 4214 3B63 7761 DEBA BBCF BA7C uid [ unknown] TurnKey GNU/Linux Bookworm Images (GPG signing key for TurnKey Linux Bookworm Images) sub rsa4096 2023-05-22 [S] [expires: 2043-05-17] $ gpg --verify debian-12-turnkey-nextcloud_18.0-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID 26147592087C0EDE42143B637761DEBABBCFBA7C gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-12-turnkey-nextcloud_18.0-1_amd64.tar.gz 23853fb92bdb3ade9ff92f8a71718bc594b44f2f9dcad9d2116fe7841fe858a6 debian-12-turnkey-nextcloud_18.0-1_amd64.tar.gz $ sha512sum debian-12-turnkey-nextcloud_18.0-1_amd64.tar.gz 91885c467c72c8b3b97752971a399f4679ca3ff56f9deb3982aac907dd6c07bb42ec9d658075c594c7cad728de480d81d701190eb87b83be0c720c3a84be7017 debian-12-turnkey-nextcloud_18.0-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-12-turnkey-nextcloud_18.0-1_amd64.tar.gz.hash debian-12-turnkey-nextcloud_18.0-1_amd64.tar.gz: OK $ sha512sum -c debian-12-turnkey-nextcloud_18.0-1_amd64.tar.gz.hash debian-12-turnkey-nextcloud_18.0-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0achB3UVKiMsY4ckkPLGHN5q3jcFAmVLfxQACgkQkPLGHN5q 3jfGWQ//eWuFJ9j5Xz59m4KVL6NbxMGPM0kzyrY+1aT0P3xtqakUqYDPC0PFP7Yh vi+Y2OZOWAA5iMmqfkrPV597p8MezUvtHeGWK9PyY6J8TG/s5LC4/IaYm2st3lrp mJ82KRhCK6S/s4tVEgq7RS8N1keYA6jjC96Cv2jYN8TDdMtVsyDQbymizlWs/q4t Kd/hhVfcJAOQw83+LpST69IziGKNuNIglSp27COilnpRTp59wt66u+Tqm6lnUjNH nU9JUYfLd2+SshYGLfgmrrEiewN1ocoH6dsOJCFbV7IGh1UBwXbjTQZNpq5pcWtK s9IV+9aF/rj+OX7yy3oBHwEMljZNYBftbylPHrYFKIHb1+Mdlj4YBpDTBXki8xAn QetsY+hNpDsOmWa61uZN5wbeuNlj6XyemCG0WMytVBSkLl+wTk5o2G8F+JfnAPlR UEWe51wzI4zqYCUQghzY7Uc3bWIDdk9YfHHLOMaqPw3ZckxVjb2CCFD7UJwFNXOS Jd2vKMP1v7X6p/GBtxHGAuFvMapEgJMyZJDl0Q3aAHqcFbBSLQ58e6TqlYD6YUxm KeXkCEVPXGgRP5fg8qdBcRcy+quy+97NXQfZY85lMaQS4OWAphxvobOWdp+sj+w0 twUZvXIhPsfd7zow+HlRDT2iCByXDXtsu/XbiqUPVC6Rq+hqKCY= =wcsy -----END PGP SIGNATURE-----