-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-omeka-15.0-stretch-amd64.ova.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-omeka-15.0-stretch-amd64.ova 62938ff3122a45fdf4d5e95788abe7d1d399e1cd6ab44f69647171816488987b turnkey-omeka-15.0-stretch-amd64.ova $ sha512sum turnkey-omeka-15.0-stretch-amd64.ova 612ab606cab1597b6dcf4bab20dd7040e65c51504f7e4858b5534aacec6056815ef6d8fb945540b78cd9f3dc3ccbfa13bd0b2b86571fb3adab201e6549e27f6b turnkey-omeka-15.0-stretch-amd64.ova Note, you can compare hashes automatically:: $ sha256sum -c turnkey-omeka-15.0-stretch-amd64.ova.hash turnkey-omeka-15.0-stretch-amd64.ova: OK $ sha512sum -c turnkey-omeka-15.0-stretch-amd64.ova.hash turnkey-omeka-15.0-stretch-amd64.ova: OK -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAlte12wACgkQhcJelaFu uU2M6Af/UGHbVZQ10ep7xvm6GHKuBkXO11S4AR9zcRO6t3MepLAicNwbhHomOEdU 4R40GT2HziyC3gxy962/KYCYdA1c05WPt2YKZyRsUuIeJQrupFhvR5zKtEjlklDf ix+xtl8l0vahIrmHiS/Hfb2kQpcMf4Kisj3PBFdJ+C3WU7zyV+TmNas1CEgiMgSS 6s5dDyhqbTmnVA2LT3CPxnRQQlvdmlVqle1v/nzrZQ4GW2H6vhpVFzcOsKWFQ8cp isuIqpA+ATFBJq9BMWMMZgKp4I5G3RM+zvVf5pkSEgDMQiygMGHgL4AA2Z2BVOm9 eeZWRppKo1ZZ0MeUse9O06jli/WmpQ== =xF6T -----END PGP SIGNATURE-----