-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/18.x/keys/tkl-bookworm-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-bookworm-images@turnkeylinux.org
      pub   rsa4096 2023-05-22 [SC] [expires: 2043-05-17]
            2614 7592 087C 0EDE 4214  3B63 7761 DEBA BBCF BA7C
      uid           [ unknown] TurnKey GNU/Linux Bookworm Images (GPG signing key for TurnKey Linux Bookworm Images) <release-bookworm-images@turnkeylinux.org>
      sub   rsa4096 2023-05-22 [S] [expires: 2043-05-17]
      
    $ gpg --verify turnkey-tracks-18.0-bookworm-amd64.iso.hash
      gpg: Signature made using RSA key ID 26147592087C0EDE42143B637761DEBABBCFBA7C
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-tracks-18.0-bookworm-amd64.iso
      e46edd2c24c97da8003b99a72f076d127727dfd4e7e302bc5ce57dd68e3c8c01  turnkey-tracks-18.0-bookworm-amd64.iso

    $ sha512sum turnkey-tracks-18.0-bookworm-amd64.iso
      e66d004ececfa891776710519586504d1aaedbd5e7bbedb23c0ff13390d81a5f4011aa20593eba2fa1e9093f9c402a9f6b526b8cb76221ba49116eb84321334c  turnkey-tracks-18.0-bookworm-amd64.iso

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-tracks-18.0-bookworm-amd64.iso.hash
      turnkey-tracks-18.0-bookworm-amd64.iso: OK

    $ sha512sum -c turnkey-tracks-18.0-bookworm-amd64.iso.hash
      turnkey-tracks-18.0-bookworm-amd64.iso: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0achB3UVKiMsY4ckkPLGHN5q3jcFAmZO8VIACgkQkPLGHN5q
3jdLnw//UO3OvXtmRFS+mMVwHQJ5IaMssHQcg+5yb3VS5iu2iTxAFYTfFxt1hyXu
hdkk7UNLm9cJYJOqty13OU7bDZ2LQgu83DAbOLUwxTs+KHgPcG28CqX695DCH2hb
vliAc6w9gPNRYTOwU2+pB2dxl9HC4zKRVKBk06hZAM9z5xN03cLhmy9ShA2Mi5Vn
SSI6RE9RTVSAOfh2KnH63aMNEDbivRsrP6hNMhe3oc0FmY+xpM8CBdRCTjrdZ5qE
HwDana9N17HGIhftef3Zsjli2Jx0EPbR3ZDT4gYxoe7FU+1mu847MK2yr3H0vCZi
ZM7IdGoa2Hhhyoaz+0MdqXz/G74Th0nFXT0jwed6JX7XngkZ3khsqB+Pa3XlsN2h
qxhujFFMw1i1gijymp/YRsK10GWch+mbYobNylhAEAmIO+ScjBW8fiuh9zCMToB8
GjpGnJ69V/pp15a1EWwb7/Bl9nLXxaHvIaawdtGg8Zr7wb5yveLxfKKJvwPoEOF8
OqmLCKsbE3kwnyfb8ZhpdcyvhM81gDn6LH1WLAzxVG9Wbk/FZxQ9BospnVDfYAyG
IQi2ugfsGqnJD5GLzaYuN4FM1FV9UXM8AKB+0+E5HC2RNH0MtVZwpBzZ9ndFidTO
tJEkcCh+g/xbxZEIWQgoKaQrDeuW2lSSyKjewZHUyhYUOgt352E=
=sPce
-----END PGP SIGNATURE-----