-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-mysql-14.2-jessie-amd64.ova.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-mysql-14.2-jessie-amd64.ova 370f1eeb9aa9aa91f7239f9565faa4d72bf380d3f8ccd150f23593e5415d0898 turnkey-mysql-14.2-jessie-amd64.ova $ sha512sum turnkey-mysql-14.2-jessie-amd64.ova 310da2d95309726dfb74a9fa97ae6480c037f6924d26822ed25b4e4a4c87972ba22c6e8c43bd85826af4d08fd6539133b6f05caf58ab90ee98e7355ceb16b430 turnkey-mysql-14.2-jessie-amd64.ova Note, you can compare hashes automatically:: $ sha256sum -c turnkey-mysql-14.2-jessie-amd64.ova.hash turnkey-mysql-14.2-jessie-amd64.ova: OK $ sha512sum -c turnkey-mysql-14.2-jessie-amd64.ova.hash turnkey-mysql-14.2-jessie-amd64.ova: OK -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJZNo92AAoJEIXCXpWhbrlNvQ0H/3I78Fw1Ax1aNi4uVfiBbO4f Qq+/fts7qUJPLih92OPJJ8tVwbrzbVeahFx72IK+sML4g4uR5cAy/M8nmdQ0qqb0 hL1lB90kH62+ZBMAMA8W9U+mh5VohlLpGgqqAVooi7JMPtDP03kBai5s7+nTl8Gf J1/0HW7re7czFyJCNqvoyZIHqFe6TG0gWFChqksG18NUJVsVxLwjnjOTJMFWiUbk Bx04lnPvtfKPLAYqz/M4DQ6BCyYvntx3U0bs0uGs40iJTtSq/x3ZkY38cVINo+Tv ZmVoATzzUFLzZINRXQrYonHYaaeMItOPA3BYR2i8VJ075HL/GX1PkeXG7FJrSa8= =h81N -----END PGP SIGNATURE-----