-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-odoo-15.1-stretch-amd64.ova.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-odoo-15.1-stretch-amd64.ova 4bc1c63ab626ab702b9d2943a4ef928ce14bf29f3aef011be16994857ed19e7a turnkey-odoo-15.1-stretch-amd64.ova $ sha512sum turnkey-odoo-15.1-stretch-amd64.ova c87f75248de9ed147f6dff178740afa31c31c06a3aaf11b6067275934eda4981e333fd96712e1020303b4a910952ca65f83eddf368a78ce977f53c1781840d75 turnkey-odoo-15.1-stretch-amd64.ova Note, you can compare hashes automatically:: $ sha256sum -c turnkey-odoo-15.1-stretch-amd64.ova.hash turnkey-odoo-15.1-stretch-amd64.ova: OK $ sha512sum -c turnkey-odoo-15.1-stretch-amd64.ova.hash turnkey-odoo-15.1-stretch-amd64.ova: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlyZ3P0ACgkQhcJelaFu uU0WiAf/XyDIRbonVxWG/f2GV8rdALeWCv5WjhlUTmil2DsF9ohDcTk7J+FlStO1 lmFysk5eqDf6FXHEK+1zGlANApY4G7pXtmxTsfShHGZy8od1fZMGf6Y3SemctwD6 EaEVoI/+7f2Ulanp6DgsJEGoC5cSq8M/Ybo5+v0wrgftsBDSFNcE2QlO6W7TjkKS KTNStWvDB1VVyufGh8HhmQcrdOsFBsV3VWH69r9OYctsu2idYmQKrJTLoKbgyEba q553B1bmPEGCdt8E/Odt2s3+qy2hUhd8ftzNitS2j4B5O+F00IOtwlHFwZll2gjr R9lpbTq7WpP9Kor8Wx3+y0hidd27zg== =vB/e -----END PGP SIGNATURE-----