-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-omeka-15.1-stretch-amd64.ova.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-omeka-15.1-stretch-amd64.ova 68acabbae699835e5db045083bd3f64baedb0a31e2dd877b5acd452a258b271d turnkey-omeka-15.1-stretch-amd64.ova $ sha512sum turnkey-omeka-15.1-stretch-amd64.ova ce8fa20476042d175285ea4e0dd0cbf78b53d5ab5bc277fb35a5f1888fa365ca1791b7eb482dbb885a27b0d6c72c94fdc89259b5a87434658336d67beb04109c turnkey-omeka-15.1-stretch-amd64.ova Note, you can compare hashes automatically:: $ sha256sum -c turnkey-omeka-15.1-stretch-amd64.ova.hash turnkey-omeka-15.1-stretch-amd64.ova: OK $ sha512sum -c turnkey-omeka-15.1-stretch-amd64.ova.hash turnkey-omeka-15.1-stretch-amd64.ova: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlv/pi4ACgkQhcJelaFu uU1KqQgA5nROZW01MVJvc+boDJJ+I6qu/et9YExIxcM27RV9WkrOXZoAuo4Efyq+ Wxtfaw+aorMbmfFlAxnuvW/HkkNdrU8susugTdLFp9ANn/hlMyJLIk1NzZLFRNkq seSSMHJISJUdwosYeNPwdVWMvsltgBv73ytOy0tI/xzZMXtGjMc0HBMqKHaks1rP ilaFDtsM0vlStrgzShKNsIrMp/D2TDpd9lwG+B1LsbHKOm4f52lGBYbprOGBe9TU YlOPmvjsUdCTC+RBDXLDZEs1313TwrGhdcBdjAtm99ITf0RxJZT0C2ABFmT8opBa /e7qe2rU1p3f/2d8oK/SVva/Nz8/Fw== =FPp3 -----END PGP SIGNATURE-----