-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

To ensure the image has not been corrupted in transit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release@turnkeylinux.com
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
            Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>
    $ gpg --verify turnkey-e107-15.1-stretch-amd64.iso.hash
      gpg: Signature made using RSA key ID A16EB94D
      gpg: Good signature from "Turnkey Linux Release Key <release@turnkeylinux.com>"

   For extra credit you can validate the key's authenticity at:

    https://keybase.io/turnkeylinux

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-e107-15.1-stretch-amd64.iso
      ac401cf78d3cb2a88e73e6f3ca9ad0d2e23070dfb6a21880a18d37c374fb1a4d  turnkey-e107-15.1-stretch-amd64.iso

    $ sha512sum turnkey-e107-15.1-stretch-amd64.iso
      6c07fdb2355a018a84b814cf7acc406c9ff39dc7e264f3375f334e77a513a2490d107bb4c2cef8029d26591adca45bb319fe515e308ab9f8a9d88e12903cc4c6  turnkey-e107-15.1-stretch-amd64.iso

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-e107-15.1-stretch-amd64.iso.hash
      turnkey-e107-15.1-stretch-amd64.iso: OK

    $ sha512sum -c turnkey-e107-15.1-stretch-amd64.iso.hash
      turnkey-e107-15.1-stretch-amd64.iso: OK

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
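
The two steps above combined into one check, as an added example that is not part of the original hash file or TurnKey's own tooling: it pins the release key fingerprint printed above instead of accepting any key in the keyring, and takes the expected hash only from the text gpg verified. The function names are hypothetical, and `gpg`, `sha256sum`, `awk` and `mktemp` are assumed to be installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Release key fingerprint as printed in the instructions, spaces removed.
PINNED_FPR="694CFF26795A29BAE07B4EB585C25E95A16EB94D"

# Reads `gpg --status-fd` output on stdin. Succeeds only when gpg reported
# GOODSIG (EXPKEYSIG, REVKEYSIG and BADSIG are different keywords, so they
# do not pass) and a VALIDSIG line carries the pinned fingerprint as the
# signing key or as the primary key.
signed_by_pinned_key() {
    awk -v want="$PINNED_FPR" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { pinned = 1 }
        END { exit (good && pinned) ? 0 : 1 }'
}

# Prints the SHA-256 listed for file name $1 in the signed text on stdin.
# Fails unless exactly one well-formed "<64 hex>  <name>" entry names it.
expected_sha256() {
    awk -v name="$1" '
        NF == 2 && $2 == name && $1 ~ /^[0-9a-f]+$/ && length($1) == 64 { h = $1; n++ }
        END { if (n == 1) print h; exit (n == 1) ? 0 : 1 }'
}

# usage: verify_image IMAGE.iso IMAGE.iso.hash
verify_image() (
    iso=$1; hashfile=$2; want=; got=
    payload=$(mktemp) || exit 2
    # --decrypt writes only the text covered by the signature to $payload,
    # so lines placed outside the signed region are never consulted.
    if gpg --batch --yes --status-fd 1 --output "$payload" \
            --decrypt "$hashfile" 2>/dev/null | signed_by_pinned_key; then
        want=$(expected_sha256 "$(basename "$iso")" < "$payload")
        got=$(sha256sum "$iso" | awk '{ print $1 }')
    fi
    rm -f "$payload"
    [ -n "$want" ] && [ "$want" = "$got" ]
)
```

`verify_image turnkey-e107-15.1-stretch-amd64.iso turnkey-e107-15.1-stretch-amd64.iso.hash` returns 0 only when both steps pass. The key listing above shows an expiry of 2023-08-12, so a run after that date is expected to fail at the signature step unless the imported key carries a later expiry.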