-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org
      pub   rsa4096 2020-02-05 [SC] [expires: 2040-01-31]
            A8B2 EF42 8781 9B03 D351  6CCA 7623 1C20 425E 9772
      uid           [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org>
      sub   rsa4096 2020-02-05 [S] [expires: 2040-01-31]
      
    $ gpg --verify turnkey-invoice-ninja-16.0-buster-amd64.ova.hash
      gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-invoice-ninja-16.0-buster-amd64.ova
      e795898af8aed26aba0ee0d6189cdc033388dfb76eca3ffb2c5c7d0a8fc9282d  turnkey-invoice-ninja-16.0-buster-amd64.ova

    $ sha512sum turnkey-invoice-ninja-16.0-buster-amd64.ova
      74c342368019e4d88871786cc6053309c86f9314c013beb666b38993f7c1ad35b13ac0847d70e9d0216f06c9218bdc663217c018477d9d56d833fa0b0cac765e  turnkey-invoice-ninja-16.0-buster-amd64.ova

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-invoice-ninja-16.0-buster-amd64.ova.hash
      turnkey-invoice-ninja-16.0-buster-amd64.ova: OK

    $ sha512sum -c turnkey-invoice-ninja-16.0-buster-amd64.ova.hash
      turnkey-invoice-ninja-16.0-buster-amd64.ova: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl/YwacACgkQrF6wBJPl
vBzr7RAArodGFIwXmMiTlE5GhAeY8cCIwZ6ss/qb6QWA1oE00fqiqvpDpfR+uE20
OqJYubFV/bIf6nuYoMvnQEEzkg2XKz/P4KJgZT7aK8hnpj8PNkmLokMpUlIm2h2W
ORjBlQO5nRKXrw9JELuaaFMC/LaPCzchcZG/Tyw7QZOOevMoPIGnQMS8pET0DntJ
Urv5ttYqCm4i4yWbDqRjm64ccNlrRV3a+jYRWh3A6WrsOJ26jTMVavkZwAS4W7RD
yV/4TPtAonME3EP21ELG5JhWFc00odw3crj/FFzFflkVsJf4Jt5e+U5Srl3ThgQs
7i7V/w2v3u82cxSAtGoCHEVCx8dH/JMakQ7rdrHcnqIJ2oXDA9i1cWuaiViD79Sz
cMZrDlNNBQIyrIDkpasJhESTwf8ExW3MxJhEGSZ+4TqW75G1Q+M+SeivRGpQ9J/C
PImuVfyjLRfEol47ekEecyGsjihjSZD8DKwif+8CYoQdxiUoSG+E8mpetPvdvrKE
xudQgmpttJKzQTQNS2iPoL8EyJS++62AWc5tkZZgmZLF4pSPttB9wf2fJHuDQcV6
U5p0c9OBRbDTs+ZDZzHnfk8XsKXsCVs8eP8wxkBC9bb97duxqpK/5myR5ut4zbhR
UhzUDsoNyXpXiotjKXBR7pdbbbmehGl72Z19GR4rVpUvmHLr1Co=
=2Qys
-----END PGP SIGNATURE-----