-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import $ gpg --list-keys --with-fingerprint release@turnkeylinux.com pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D uid Turnkey Linux Release Key $ gpg --verify turnkey-odoo-14.2-jessie-amd64.ova.hash gpg: Signature made using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key " For extra credit you can validate the key's authenticity at: https://keybase.io/turnkeylinux 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-odoo-14.2-jessie-amd64.ova 772f40ee8a0e27aaddc696852b5f9eeaeaae5eaa87a4a5123e2439f95821f375 turnkey-odoo-14.2-jessie-amd64.ova $ sha512sum turnkey-odoo-14.2-jessie-amd64.ova 379b4dc1af68e30f9ee9ae40ddee127c28dcc901b30f8f87b0c9deb2f236c693512f9defdc25df067df05c6543e5577ae3f7260d72f9fc5ec1ea581ad01c218f turnkey-odoo-14.2-jessie-amd64.ova Note, you can compare hashes automatically:: $ sha256sum -c turnkey-odoo-14.2-jessie-amd64.ova.hash turnkey-odoo-14.2-jessie-amd64.ova: OK $ sha512sum -c turnkey-odoo-14.2-jessie-amd64.ova.hash turnkey-odoo-14.2-jessie-amd64.ova: OK -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJZeIKlAAoJEIXCXpWhbrlNlDIIANZv3g71hLP7taOsgmzRFi/T 5M1OGM605YgMVF201bN8oc4DLSKBGLKQzQE/hB8tKWVX56ipFxyl4tl9Cf2iQYKm /5p7aXP5moW8KkE6wWBD202AuB/18m6tJeitFjH+MBeYYm1MihhKf7rCHvbfIF98 TUmQS1hmzpfF01XL4E/7HQSskjt9H/wEzwBK7Zq2hEMKp3ZB60u3Mav/SP114/Jm jVGMUmxpMvI1nV6FLbZuMzPaSmI1aiBPgQVwjsFAccK4JGbAeTpj/+gS+/njR9ek wjZglA4dV4PapuOrOLmRkvpE2s5IJhacn6837+4aIxzZEnj7Gq7Y8LaoMqs2PIU= =G70Y -----END PGP SIGNATURE-----