-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-mysql-15.1-stretch-amd64.ova.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-mysql-15.1-stretch-amd64.ova b4a7fed49040adb2b7c8b5bae9ad57c9c22330078fdc3ad5bc8d10ccd273618b turnkey-mysql-15.1-stretch-amd64.ova $ sha512sum turnkey-mysql-15.1-stretch-amd64.ova 00544962f840b9136969471632ac6f7b4717da5ff3cdf75550e16b85d4179181121bbc2f8ca17757b9c318c22cb4a4611b69148e891812d4c358538cbe999921 turnkey-mysql-15.1-stretch-amd64.ova Note, you can compare hashes automatically:: $ sha256sum -c turnkey-mysql-15.1-stretch-amd64.ova.hash turnkey-mysql-15.1-stretch-amd64.ova: OK $ sha512sum -c turnkey-mysql-15.1-stretch-amd64.ova.hash turnkey-mysql-15.1-stretch-amd64.ova: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlv/pisACgkQhcJelaFu uU0lTQgA6CGywute1KLG0VVs2w0HcfsU8YJZn7G26z6ufyUKIdftM6muMbv58cbi J9LXcmUac4nc7ehzMIMUWAOxndqKOj1M/h1sP6QjSNPKEZTDb7L21WoebJcrqOUq 5AeuCwMnwuv5bma6kBPqhsAC5CPsY4l4BIMEq+iW92syUy+XMN1OthS7wKP0nCAR bVypn9/c8gURjGZZxYFHyADx6/YOFbMQhpw/1Z0JsOPIhyCqab94s73ZmPRG8DGo c9uSVLdmuT54TMxJ5sJRXNTg8jFclmLh2hoIFhPgqg7UPIG6RDzJAKcLaGhxLN6X ccV3mSdKgzYaVZcUg7ScSJA/nWg5Og== =A9Tc -----END PGP SIGNATURE-----