-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl  | gpg --import
    $ gpg --list-keys --with-fingerprint release-bullseye-images@turnkeylinux.org
      pub   rsa4096 2021-08-04 [SC] [expires: 2041-07-30]
            E10F 6567 0C8E BE42 ED0C  3A49 CCA5 1174 468F 9073
      uid           [ unknown] TurnKey GNU/Linux Bullseye Images (GPG signing key for TurnKey Linux Bullseye Images) <release-bullseye-images@turnkeylinux.org>
      sub   rsa4096 2021-08-04 [S] [expires: 2041-07-30]
      
    $ gpg --verify debian-11-turnkey-tracks_17.1-1_amd64.tar.gz.hash
      gpg: Signature made using RSA key ID E10F65670C8EBE42ED0C3A49CCA51174468F9073
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-11-turnkey-tracks_17.1-1_amd64.tar.gz
      e4c6e8a2570044e5d7bc53165a0e93a1011ececc5e493fc2dec13380665275db  debian-11-turnkey-tracks_17.1-1_amd64.tar.gz

    $ sha512sum debian-11-turnkey-tracks_17.1-1_amd64.tar.gz
      fa2aa6fbe1e72feac1cce3561a712f996a9144212dcd892231211b83f711d5b0c66602c58bd2a47b8999c3f007b6d85b00d080c2bdf1cfb28df3c7deb4f6f208  debian-11-turnkey-tracks_17.1-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-11-turnkey-tracks_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-tracks_17.1-1_amd64.tar.gz: OK

    $ sha512sum -c debian-11-turnkey-tracks_17.1-1_amd64.tar.gz.hash
      debian-11-turnkey-tracks_17.1-1_amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3YP+u+JWuSop/BuCHkh6RjHW/rYFAmQEVSIACgkQHkh6RjHW
/rbBJA/9E7Le4ovI3ffPoy0G4leNAbxn9LiTISwHjA7g1q3MX1w5+VaTx9aii1Uc
A/+lEVkoxlze+35sTrrC/Dcn0zKc6jrvwRl2194zGfLYuc2vfl7jBwh9BlOge1yh
Zupuvmi/HItot8V8W4U4651bnXfgee1BKfTN00YPP/29UolkHtRikTHfIslrYDQH
/Oad3E4V+YxXhG7E6sNwpEK06HEP60tJtfTn2kVxeZ0yvMvGVkF67bnx3J/gtVdr
qPxm9B/R5kDPbdEBPrGvjXWF8LsFIdHaudaxrp33UKn3uvzqzRw7K2SGPPearBHR
PXZp68AoDYN2Ohat+eYits6FSs/L3kN/3Xr7fSFCht4QYSt8tVSBAR5l3hPoNtEf
0EQ3ihpZrPX2H0S4/wAnl5r04HldbOneBkrSe2n3WVApn3QQPXn0h77m3KCjRORo
3di7E9z8pTJ8MMM4jWrHTw6TYIGk5U1WHutSeXH/DrFO7ZEcPNpj9AQDqCnkN3pM
cD6iQRKG9JbYduVOgbG4Cz1+wIZolkhq4Jw/2Ww7w1jZGo4kWnVtrRh/C7yeMd88
QJOuXVVoGQ+KJ/u2Qhm1LJEIXJWQ2VP8q7dqeWqFyud7aDQS9dNBf03fpPJLkSqf
wysAALjfJjNJmGLpPGjop8HaPLe2OuHwKX84L7dm0LbFsmmdmHc=
=FadG
-----END PGP SIGNATURE-----