-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org
      pub   rsa4096 2020-02-05 [SC] [expires: 2040-01-31]
            A8B2 EF42 8781 9B03 D351  6CCA 7623 1C20 425E 9772
      uid           [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org>
      sub   rsa4096 2020-02-05 [S] [expires: 2040-01-31]
      
    $ gpg --verify turnkey-bagisto-16.1-buster-amd64.ova.hash
      gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-bagisto-16.1-buster-amd64.ova
      07d7b7e4ce22be0a10aedcc20199c1b57a178fbdca473fb16911b3e4eee6725d  turnkey-bagisto-16.1-buster-amd64.ova

    $ sha512sum turnkey-bagisto-16.1-buster-amd64.ova
      ec14f147e9b299f29c47157d7a5b6569f3ef5f157499fd4a11a468b8abc824bab9b009fe06044fe80871cc7f09c8dca55d9bcf65dad1fea828036ef5ff84885d  turnkey-bagisto-16.1-buster-amd64.ova

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-bagisto-16.1-buster-amd64.ova.hash
      turnkey-bagisto-16.1-buster-amd64.ova: OK

    $ sha512sum -c turnkey-bagisto-16.1-buster-amd64.ova.hash
      turnkey-bagisto-16.1-buster-amd64.ova: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmB728wACgkQrF6wBJPl
vBwRJA//fvQtwb/spQaWVaDQI61KYa7hvm4gvZjqYLl+m0ukY9KG6xSnjR4BjsaX
RY/vk/09QtFH9UkSHoL7rtDT1lFFI/7cb4D1uAmd5YdP/nY+xggz8SO1K9RS+aRh
uaxrCg8wnm3WOMt6sjWVFcUpMLSE6wcBMOQsf6ZRa1Ru1aKR6H2Wc9onwSko5ASz
P5xziBcE1MpIVcCnSA7KIikcUnWrXX7ZRg+12V6Nrcl5vDZgTkzZzDXO+2jG9xo2
q6obEUuj5nzoADk8sjCISGOb9gf9/qnCvIG3PyQXFTBfh4zQsAozgc0uctYKjNci
cCzH9XAeB+k49gFWGt3CEnr/1oUxdghoy8KRp3pTyUPFXoTu/ds89LhFMbJgbBtF
sNF75GX/UHPrL737WLD2g+NqLy7yLdGnfDX0GVAxpTfecoY8jph+H2gOj0aUDwx1
YXSfdkpeJ6IjDH07nZEgUXNkz38tbhOyTb465+rqoowne9YprpxJ9dnu7/1j0nmA
2Ny99zV7Ad8Lrr70e9uMoiv8XMW4alzYolmMx5oB+Z/SXMcmIPGf46D2w26Gv38F
78SdpxSwJ8O/n8wOfn0Z2BDFnIE29QZUM3bD4Sg0Re82GC7svf8o5pktX6htrMZS
UOc9AS11TETVReoM612PejZk42BHRPPnDCYsYDUiazh/TfTHR/E=
=1dgG
-----END PGP SIGNATURE-----