-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify debian-10-turnkey-nextcloud_16.0-1_amd64.tar.gz.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum debian-10-turnkey-nextcloud_16.0-1_amd64.tar.gz 6bc1fb7b9989266917bc9f0c48eb20d92ee36299206a7302e3901640c572abfa debian-10-turnkey-nextcloud_16.0-1_amd64.tar.gz $ sha512sum debian-10-turnkey-nextcloud_16.0-1_amd64.tar.gz 10352c0a77123371abb6966ec156b9ca08561229dcf33c404d8e684f3be4f2b38b135349d3f1f00b9385bad7efb62c39cd9d4fa4a1ad767d62aab300bcce8c66 debian-10-turnkey-nextcloud_16.0-1_amd64.tar.gz Note, you can compare hashes automatically:: $ sha256sum -c debian-10-turnkey-nextcloud_16.0-1_amd64.tar.gz.hash debian-10-turnkey-nextcloud_16.0-1_amd64.tar.gz: OK $ sha512sum -c debian-10-turnkey-nextcloud_16.0-1_amd64.tar.gz.hash debian-10-turnkey-nextcloud_16.0-1_amd64.tar.gz: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl6upFcACgkQrF6wBJPl vBw6nxAAymPDTaO6HfGe9PBFqA8pese3LdVKqjFJgJIjLBNFHZdv56gaikipAIVL JKgKgG7jp5Mta7Fwgsay96Fet2WF97Gla1VMjXhKorrsRT7B/daVGLjMUMU4zM7n QxYlr8E1+Y0SzmvwuIF0ups0lcfKDEwM1RFFxzHn37QPY7n46J9NEw/tqHGQBYjY Z03Iv3MsV6Fmu88Xw526cMwIzL0mBu2587ZcpHK183+Fp6pRx0wfNreO4+8roiUd 121X0YXuvl4++jX9JcDuIGt1wSW9BfxLOLsy64C/oEylXUu8NNCjK06odVkkpge/ 88C3rVb1Vbq7xhvn0VLJYr/r9kWONBSJs/G+WUNkHVis8QwhLdyTkpFiLlzaktAH dRj3xOxPBlOrvCGNdvmJuVG3vX5ferZfIzS++nt1IJpYTxCZET4H+UfsHay6NdK8 E5rFRTjzDwDzHJ+FB3uEJsUcutwPVpoQpfbATcGMlSy2KtBtYJmePtKkpEuLvb9b PrSoScRiH47dJJ+X/evioLGamHAyIw6+zmfOz4X1ABYszaKUfbliUW0G46rbgyT+ T8h51w6HXB1B7UjOoXiTorcl1L/R80ROZdW2FWmqfnKI/2V6fQ7rId/q0OcZmg9P xXQzrs/QoUX+XzEF3v86Y39x/S6D5XJ1yxzKwiiUk2rHLvVoe2A= =JPpQ -----END PGP SIGNATURE-----