-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify debian-10-turnkey-mumble_16.1-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-10-turnkey-mumble_16.1-1_amd64.tar.gz 1b7e8ae1be74c1ff3aeb0039b99a6b68093c9200247d0f7607af68d155cec2ad debian-10-turnkey-mumble_16.1-1_amd64.tar.gz $ sha512sum debian-10-turnkey-mumble_16.1-1_amd64.tar.gz 1557e4f0f0292da98003d110f3db019211340677a13f7ccc71a016ced50e0ba6f0f805dc717edce1b673634d32f22b308d1531cbffabff3ff89e5372f56d9794 debian-10-turnkey-mumble_16.1-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-10-turnkey-mumble_16.1-1_amd64.tar.gz.hash debian-10-turnkey-mumble_16.1-1_amd64.tar.gz: OK $ sha512sum -c debian-10-turnkey-mumble_16.1-1_amd64.tar.gz.hash debian-10-turnkey-mumble_16.1-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmBh2NMACgkQrF6wBJPl vBwkjg//VZc1TSlFvpSAaZDBkYlqBgig40cmxJ4zBPrx1v/PCV3zVrn+lhYsBCnK oQ3XE78AdQXBctc3gTmtucR3T6wI1+qGtPkTWeXtp/kIuDJ0Xxy6P6C5DrO7E7Jo oGGWeES2aH3F8sp82pLGi4Sg4A+hqJvs5o4luYzpJtMuwMr6eBFbNgZK9C63iiKd dT22gpawQPJPfbaG7p6kjB7R189vmrgr9cN+zJ275hCNa/6pPpWYLt7QDkt4U1I/ Uo9+oIrtzOuzcnf9kBvaaPQjuCmFyhUA1mx0Z96Z3DLMaM+dJco3JXt1p1Whsr2n cWYVnWl50oVO3U8zRVt6wOn5IY+xtT/3GO2+ZMv8dTPTPJ/XW0y2yONi+KSEdqKt O7ez9SnDPZzsH83GgDIc7beew8Z8jj9JiGein2LPvTBVbNZy58F8+hu7sy/sdgRM u7ygN+mBl8GC0/mvAV5i6TGiRMOGSqHmYrfj2zQbloPVvomY46sR4RkBrqm1V+Iz MxQXlDmt1HClISEV6T9obpeFPKzH6K8cK9kOhzROKkmyCNuxHIfP1Ka/Bt/NWawA C6HGY8I7l2/sq447yFi8fwwg608ZxKldEyxnutmZFjLxzw8dWpM4temGClFmnAZX hsC6RfjWn99T9N2Wp+S5owqAnREgfFMF/iIA7R/jfq+WftSop/o= =bPI0 -----END PGP SIGNATURE-----