-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-dokuwiki-15.1-stretch-amd64.ova.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-dokuwiki-15.1-stretch-amd64.ova bae1513b9b23ca94a9b78435b216107543bcbd7afb4801d6c5dd1f6bb9172f47 turnkey-dokuwiki-15.1-stretch-amd64.ova $ sha512sum turnkey-dokuwiki-15.1-stretch-amd64.ova faf8ded0512ead099a60cd5252e9866660e06981f8314b10f52a92894df9d022c6ad5fb4bf2bfb28ab53058e29efcfbc6088f6bbdee1badaf5d388b8089ea087 turnkey-dokuwiki-15.1-stretch-amd64.ova Note, you can compare hashes automatically:: $ sha256sum -c turnkey-dokuwiki-15.1-stretch-amd64.ova.hash turnkey-dokuwiki-15.1-stretch-amd64.ova: OK $ sha512sum -c turnkey-dokuwiki-15.1-stretch-amd64.ova.hash turnkey-dokuwiki-15.1-stretch-amd64.ova: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlxhNvsACgkQhcJelaFu uU3j3QgAyFXxuYCBQCrNypCVJ5a7Dqf7+mdlrG1HW3nCYB3ipkHtQjtoxHHklD7y C9H1Jl41jyJI58sKEbjMCIQtyUuUO/Ne4Sf+PNbRFxJmpBID/3p9mRC09DNm3Gjg iM9uMrXUknLyEQWUbD3K9Y1YL1zy+ixNLLoawb7xzLz0IP3p6nazmfcUahzpBN6Y pvPWqHuvAmWMPsvO0PVa+Gwi5nCBN6r3jSuQRPIlrFU3MY4dqdwsoGIw5w/jQ3b9 zEOVuugG3ZGXzg619DKi4SPAxRGL+QH0Li/FxhT/SWVOjprQgvp4cKCtOwnhmX5u 6y3p6KqAQAzTO64NX1xzEV+Kj30pWw== =hQqs -----END PGP SIGNATURE-----