-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-openvpn-14.2-jessie-amd64-xen.tar.bz2.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-openvpn-14.2-jessie-amd64-xen.tar.bz2 b175396efe512722b1745c4511ac485623fec2a3dff5ee3c37ae055952d8f6da turnkey-openvpn-14.2-jessie-amd64-xen.tar.bz2 $ sha512sum turnkey-openvpn-14.2-jessie-amd64-xen.tar.bz2 6dd0bce74cea5aa3e088066e53fa6811db5cc32529b067235ac13076625f6bdcf132bdd926e252fe9d482113079ac792cb2a3d0f45bcba588da084702347a14c turnkey-openvpn-14.2-jessie-amd64-xen.tar.bz2 Note, you can compare hashes automatically:: $ sha256sum -c turnkey-openvpn-14.2-jessie-amd64-xen.tar.bz2.hash turnkey-openvpn-14.2-jessie-amd64-xen.tar.bz2: OK $ sha512sum -c turnkey-openvpn-14.2-jessie-amd64-xen.tar.bz2.hash turnkey-openvpn-14.2-jessie-amd64-xen.tar.bz2: OK -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJZeIKlAAoJEIXCXpWhbrlNJbkH/0aM3F/M6B/zE4wJW4hY5Wzj 0B/JE6Ar/ZQfizY1klDwZ6e+gHSnhnBPItmXJuummb3yjp4nDOupxL5Qwb9j1W3b FeB38oOdo3EHc9FYNfXljpoMT5d1MaKvcKr04NZC5s/FYD6tH8KPAwazrMl0vi7S AcYxbdfsC3FjwoplUquW4HM/OayAgjRbaXqsp+CVt6P2e3yHRTNvJl7y3fowl6Cn gun3lbOED7iaepNEodyFm6W9hkEdRoTX5hKHVmwZHocuQbev6KY2ktxvmrZeFaIE jVYtoO1MSDkM24HD6lNhPicVTqqkZ4w6SxYCiYq4PHURYv/sz5ZBMWfy3G/ceqM= =R0Fi -----END PGP SIGNATURE-----