-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org
      pub   rsa4096 2020-02-05 [SC] [expires: 2040-01-31]
            A8B2 EF42 8781 9B03 D351  6CCA 7623 1C20 425E 9772
      uid           [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org>
      sub   rsa4096 2020-02-05 [S] [expires: 2040-01-31]
      
    $ gpg --verify debian-10-turnkey-joomla3_16.0-1_amd64.tar.gz.hash
      gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-10-turnkey-joomla3_16.0-1_amd64.tar.gz
      22c06a933c127812d9556671e09d56bbf77044222a7fcb6fe65be8d8b0909618  debian-10-turnkey-joomla3_16.0-1_amd64.tar.gz

    $ sha512sum debian-10-turnkey-joomla3_16.0-1_amd64.tar.gz
      698d2b54d4b79c9dba78b1c88c7925ddfe436f6568ef33cb40f2c940e42db6825dbac46b896f245bd172adeb95f61008f1942b10d8d03fa51baa24c44808c570  debian-10-turnkey-joomla3_16.0-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-10-turnkey-joomla3_16.0-1_amd64.tar.gz.hash
      debian-10-turnkey-joomla3_16.0-1_amd64.tar.gz: OK

    $ sha512sum -c debian-10-turnkey-joomla3_16.0-1_amd64.tar.gz.hash
      debian-10-turnkey-joomla3_16.0-1_amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl6upFYACgkQrF6wBJPl
vBy35w//R54p0Lqz1gGUAsXCtz9vtqjgIrUGAA/tHfAC0WCqSS1LpFhFQ8bk/xb6
DLn/rKJoP+LX+4VaUdphYsK4fbo2HTGIdFtQIkR4QDFP4qrktuRzpQzxOWAqoHDQ
NVSZpsnbGFouJU0trvyQpXc2BNwg7C570vxsNcFWuhm8jX9BZ4VNc2EDTsh6lwrU
kbtFC82ZGdQ0imr2bKiqQYvgoUzV4C/iHXFBZ6UnCn4weYr8KD+Vf0VLXFqyAEM+
HnhDQiZhL5uMBWqZbFh15TSTNLb1JrNHoTw3xPQfM2o4w4rC3dX5GIUjVNGuPyC1
UYwGFyNv2gQytOEZNndEsDgCmDgyhLM5+aUGeo1CaPeiy2L/7z3vEsK1o02Kc1Yc
SEXS38bexf3atC0w8Ysf6td/y6++SXI7FLSAAxbc7yK9n3304C1w63wY9RW08/am
+dvVG9XG9iiFfDc5ro0q1Qjm/OIz1AweRSRy3cavwqM2QovreGPz7pl68W3q2Z6S
tkKfHH3WYv9NOAQ8kjW8tTEVlXi5niU852esc7XoEPXXpE0mhhRwe34oVLQ1I2dY
k5q91IG7ZPLxyHGybXQbDXY3nF5bBkgvHZ4ctOpukB7kyiKALofOk/L0qSLff4cp
hs0bkhfKJ3aNlkKtXjHa80i/74vQn+VrGawWsj6eQ0H37tJBodo=
=1YpU
-----END PGP SIGNATURE-----