-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl | gpg --import $ gpg --list-keys --with-fingerprint release-bookworm-images@turnkeylinux.org pub rsa4096 2023-05-22 [SC] [expires: 2043-05-17] 2614 7592 087C 0EDE 4214 3B63 7761 DEBA BBCF BA7C uid [ unknown] TurnKey GNU/Linux Bookworm Images (GPG signing key for TurnKey Linux Bookworm Images) sub rsa4096 2023-05-22 [S] [expires: 2043-05-17] $ gpg --verify debian-12-turnkey-openvpn_18.0-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID 26147592087C0EDE42143B637761DEBABBCFBA7C gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-12-turnkey-openvpn_18.0-1_amd64.tar.gz f1915346c240422d4dcd4f86411ae4ad4c3bb81237b02da1629e51e79ddaad8d debian-12-turnkey-openvpn_18.0-1_amd64.tar.gz $ sha512sum debian-12-turnkey-openvpn_18.0-1_amd64.tar.gz 6fa47205c0c87be28fd83be88eb2c1e0837494304a93bb909632c010908454a3aa0f7bcaa1e2afdf3240967b7ad29d5ee4e3334b946ba93a40333cd0acf88d6b debian-12-turnkey-openvpn_18.0-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-12-turnkey-openvpn_18.0-1_amd64.tar.gz.hash debian-12-turnkey-openvpn_18.0-1_amd64.tar.gz: OK $ sha512sum -c debian-12-turnkey-openvpn_18.0-1_amd64.tar.gz.hash debian-12-turnkey-openvpn_18.0-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0achB3UVKiMsY4ckkPLGHN5q3jcFAmX2s+AACgkQkPLGHN5q 3jfNuxAAkVAa9/xtRvXYp5eeAWprrDqz8yIy4Zr7lwJw573VFH4eojJlsNWyL5uK 4As1nddq3wmZe4/sMU5u6U1IvbEd7SjGfogepaIkyCrsewjymCXE1/uXPiXLdF6S 7HjW9DgSPhV13mppS9N0wBSATZQxhmTa3iPzPeYCD+BiH1y13ugKfUUnPgexWB3J 3FrmikN40BXjIFsFX4ofNEXnbQJqGDuMEPEhN1Mb5LrBgXvtZl0mn9N2yGgU6l6D OB78qboYkDotr5LijHyZL7qcBMx/vm4NYW1hRYsqfNPWuDKugv+MlAS2PbAOYTQ1 2datnZ9f+7w24VKC1INy6j51gM+F61en884GibfQlhFa1+ArhFybtORuOrGUj9Yh A7Q3P9J7luDpdvBJ1AU7jvtAONgJ6sbqd2BbwdC6mPy+0fYjicW5O+DCq/Uy9r28 mQ6vh/Iz1fT1wYyrZ4njMtNo8fLIajINVU9QDiOTCaFcxX59sFeAbAdCmyY/sE2T bnWcRHWanwoaEZHN1CFy/YB7hS6A94fxdlM+obBVlshzQeCxVTBrLXdODjsGCt6K N0AlRpIY7d57o9dpI7XeWwOyvAAv1qAD0g+/J4dPxRUfzBOFH0cZhDc3j9d2CDGp G2DPPiEFERRN95A3nHUnNPi2+iOIOWhHHWXlPX6POGnIk/GUqt0= =9zJq -----END PGP SIGNATURE-----