-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org
      pub   rsa4096 2020-02-05 [SC] [expires: 2040-01-31]
            A8B2 EF42 8781 9B03 D351  6CCA 7623 1C20 425E 9772
      uid           [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org>
      sub   rsa4096 2020-02-05 [S] [expires: 2040-01-31]
      
    $ gpg --verify turnkey-plone-16.1-buster-amd64.ova.hash
      gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-plone-16.1-buster-amd64.ova
      69d4e77563522c08fbbf83556b59287b78eefe7924ffeac35c96ae90c7d59082  turnkey-plone-16.1-buster-amd64.ova

    $ sha512sum turnkey-plone-16.1-buster-amd64.ova
      f7f8f130c46fca0ed838f8b5643c91470f46890aba7e95c134d56eadeffd4b52c788aea5b0f530d46e862985ea54340ab95481a7b69b9583c2270f88988ff181  turnkey-plone-16.1-buster-amd64.ova

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-plone-16.1-buster-amd64.ova.hash
      turnkey-plone-16.1-buster-amd64.ova: OK

    $ sha512sum -c turnkey-plone-16.1-buster-amd64.ova.hash
      turnkey-plone-16.1-buster-amd64.ova: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAmBh2OAACgkQrF6wBJPl
vBwkgg//VN5Visruz/rHxFPbuebl0Uao33YBrQl8L38qv9yXaBsUS7J/KTPAV//c
zhVyebBx6Q0Ebiz6GDU7rW/Ppy6zmNZgNq0u6gfq/yrsWXVgQmlPxGEcT5GSnb+9
L1r02fH0xWuiAf5pVnuJxsL5eKxfj2WjqU7fhsRCoEo/E+8iDMPl/GHBbwGxbTDn
5tPy61yLWQI5NuGotobAL7xCYEY8Z1yO7wVAAtPRWpRj4H84WtEwNtMdJ8Qx7Jnw
dWPdNBHtqU7SeZFp9hQbrma7RwlnRSTwzUi/2BOk38/1kkTnuNUgdZhN5C/5rQuq
EU2GjafkoUwLkGnWb1KlDBvRR7CvjYTQOHQv1gXoKCq6tndcEgIfpoZ66s0kq7O0
9XiQiSlpW2xejVyzAJ1gUIeC7HyAfJsZ/KTvPr9TsJMAoVs+5FlDoGPfbwgRLWUW
QOOFeEBHlL5++837AxjbHs+8oVV6v1b0VzEwycbnuvSa8ROdDegDar1wJMQy4Aku
Qur8yFxqZ79cgPTC6SCqAnDfw8PiBBhg95Zr7RBeWYS0SLXIKfiZoBHXXWXVU7WZ
HRf/JE9WpHZTWvEsv1ulzzfwZOZ4zZSZ25ndn06af5CES+BNzZMU0JrK6YBApxfb
XQuK+UM+MR/MDkCBDPKGwLWTa4J2YPnHJJzYYdAqAARhxLWTDiM=
=GUvT
-----END PGP SIGNATURE-----