-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl  | gpg --import
    $ gpg --list-keys --with-fingerprint release-bullseye-images@turnkeylinux.org
      pub   rsa4096 2021-08-04 [SC] [expires: 2041-07-30]
            E10F 6567 0C8E BE42 ED0C  3A49 CCA5 1174 468F 9073
      uid           [ unknown] TurnKey GNU/Linux Bullseye Images (GPG signing key for TurnKey Linux Bullseye Images) <release-bullseye-images@turnkeylinux.org>
      sub   rsa4096 2021-08-04 [S] [expires: 2041-07-30]
      
    $ gpg --verify debian-11-turnkey-tomcat_17.1-1_amd64.tar.gz.hash
      gpg: Signature made using RSA key ID E10F65670C8EBE42ED0C3A49CCA51174468F9073
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-11-turnkey-tomcat_17.1-1_amd64.tar.gz
      3d3d0e3553baa4ce22fe563064477d970ff9d9c515b8c61ca5f87c8dd8ed46ff  debian-11-turnkey-tomcat_17.1-1_amd64.tar.gz

    $ sha512sum debian-11-turnkey-tomcat_17.1-1_amd64.tar.gz
      8ca7ed9c9c31445735772430b3b28e13111f61c085451f30dc447f3ecac27bd7af8458dcb9cf19b9505c48ac367e6b60872d1696e0be1b26852cd2082cdaec23  debian-11-turnkey-tomcat_17.1-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-11-turnkey-tomcat_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-tomcat_17.1-1_amd64.tar.gz: OK

    $ sha512sum -c debian-11-turnkey-tomcat_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-tomcat_17.1-1_amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3YP+u+JWuSop/BuCHkh6RjHW/rYFAmM0CTkACgkQHkh6RjHW
/rbzyhAAhsLVdACIDaAcWOKGF2lG4TCoL6F5acxB+FdYfGNPEh6CxHjwJG21XND5
zhx2g623ju42Ih1PfeS7mJfwJELGw4zQeiFuRmAoDDSkQDrZ0aK3TRzQI0HzPI2O
/jphiL88I1tBEtH5aMY2aDfnGAmiJw6BiVQC2fKcEsR1elFVzFf0vGtbLR37EFG0
5l9qG+xbXPsknm/W9dTuPg1w8np90rvqHeSUoa89eGsblS7tXJ42JDMG+lr4bOup
13dyJj6lGuY/RqMYblpmuESsjFv50i61kZLH/dYxCvxNDtE71O+xPLpN7rrzOgYo
ooboewh72z7PL6lkvnKg1MGKFF1jPGrP8EmPWy27/FIoYvriEHYhuThaLJEEF6Uv
t4pjKckkJhRx/yEKnWQJiQ6Y1SrHPZtQiSXkm728dQEeP/g5C3i/yxzWWEm7P+e3
wMCbfsSbfQ1ZUSsVvx8gQerpRAa3sw2b90LhtXWjCX/QgJ9mvNC+hwai1zJHpya7
r56XYUlduIdDLp9f/GXTeNCSgArGNMDx3JxiPUhaQ52SKEMlDY4hdW0dGFEnCysO
kLfcr5z5d4g94ugbwNujaPqvktZedjsHC5uVEF+4lY6XrmuTs2/1TbwO4jNXHXfl
ZRmB9z0HSltb09emLAJgonJJhGPSGUzmz1HNqhHZtUN4hEWrZvg=
=9z4I
-----END PGP SIGNATURE-----