-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org
      pub   rsa4096 2020-02-05 [SC] [expires: 2040-01-31]
            A8B2 EF42 8781 9B03 D351  6CCA 7623 1C20 425E 9772
      uid           [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org>
      sub   rsa4096 2020-02-05 [S] [expires: 2040-01-31]
      
    $ gpg --verify turnkey-gitlab-16.1-buster-amd64-vmdk.zip.hash
      gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-gitlab-16.1-buster-amd64-vmdk.zip
      bf298eced2f22414e8953fa70c7a410d01f90a71441c27d2f6263f68ef463646  turnkey-gitlab-16.1-buster-amd64-vmdk.zip

    $ sha512sum turnkey-gitlab-16.1-buster-amd64-vmdk.zip
      60cc469e05d5cfd1e4b68e5932ebd05a90d90713ab13426094b85181d9f77f8939f4ed343a2214814b1b6db660b6d7c637007e5d77f1818f9d92ee1ee0ef2a92  turnkey-gitlab-16.1-buster-amd64-vmdk.zip

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-gitlab-16.1-buster-amd64-vmdk.zip.hash
      turnkey-gitlab-16.1-buster-amd64-vmdk.zip: OK

    $ sha512sum -c turnkey-gitlab-16.1-buster-amd64-vmdk.zip.hash
      turnkey-gitlab-16.1-buster-amd64-vmdk.zip: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmCzPrgACgkQrF6wBJPl
vByOug//U0llLjWMO0UMLZi3LVMWAnHhnSFewcXVdtXw6t41Yby4+73yyNQrWpsS
8toRar6wnFMuQ4C0qLq3a5OXTmVEDz39EnrR9O4bjPcEbLY00Ekuc7G3/4Owx24g
0vTn9MzggS8BD+lj+eGILgLTgAx70c930I02EAYPC/qqFPG0uu8yxzH5yp3pK0rT
bQMSdlCb1NSyyCI6i7ckNG8tnAwnWhMbn4qkwHFFt9ynTgcqGmb9BXB/GsnLxFbL
AqF4zKPV46rnS7sJv3YyufrCNdZSZUixLVqoWPkkB86wvkS4il/LcLwz2As8JrLK
Pb0iYnX6b9Jrc9gObqPkVnPD0ri3DXr4NSwh5AHd3H0lULkAShSxPU9QJ1VXy6e9
HPS6tk6qnM8YDBT8aZsy9HGu1yavW5BCAZyWwzPZeGED9SuFe35RxqfBr3QlS+a1
tllZ8U+Pf9BmxpFvq+7npXR/UGE1fGeEO3cv9OkwEt4ovT7gaY25CLj6F0icQCKY
77q0lFvbU+uu0XpnVu2sx9dnLtm87BPDPuRI0vrZeSq5ruwSUju3wazVMqcFHWjE
93hq+DaCMuoyGeqf2BcrhPUBROWkkS2C8hKrVKpvzhaok5Cs0+6p13Q1AeFXlxe2
vB9IS3Jzxdoc26f52oEesWPy3SUcOHwoIhUFVXR040pRpJCbyg4=
=WUXi
-----END PGP SIGNATURE-----