-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/18.x/keys/tkl-bookworm-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-bookworm-images@turnkeylinux.org
      pub   rsa4096 2023-05-22 [SC] [expires: 2043-05-17]
            2614 7592 087C 0EDE 4214  3B63 7761 DEBA BBCF BA7C
      uid           [ unknown] TurnKey GNU/Linux Bookworm Images (GPG signing key for TurnKey Linux Bookworm Images) <release-bookworm-images@turnkeylinux.org>
      sub   rsa4096 2023-05-22 [S] [expires: 2043-05-17]
      
    $ gpg --verify turnkey-jenkins-18.0-bookworm-amd64.iso.hash
      gpg: Signature made using RSA key ID 26147592087C0EDE42143B637761DEBABBCFBA7C
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-jenkins-18.0-bookworm-amd64.iso
      b5154be1194e6f6959ea3687cb9c900efca662a83ddbc434a625fc6e7222f77c  turnkey-jenkins-18.0-bookworm-amd64.iso

    $ sha512sum turnkey-jenkins-18.0-bookworm-amd64.iso
      4780ec7e0946c19c7ddca24b0d1b8fdf606a41249563cdcf5fa3a5323c3e716317056f2b395bebbb062d2e0b7f683e395dc4d1149587033d0cc83268217402f5  turnkey-jenkins-18.0-bookworm-amd64.iso

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-jenkins-18.0-bookworm-amd64.iso.hash
      turnkey-jenkins-18.0-bookworm-amd64.iso: OK

    $ sha512sum -c turnkey-jenkins-18.0-bookworm-amd64.iso.hash
      turnkey-jenkins-18.0-bookworm-amd64.iso: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0achB3UVKiMsY4ckkPLGHN5q3jcFAmZwA/MACgkQkPLGHN5q
3jc4HA//YUHXsR65is93vgqXaHdeDWSiD0eWw9hYi4NRiugBIVRDYo6WRmtbRG3w
hnaKHFMJUfmQo42X7BfnCr+093M035vWaaClv95kufwVclB4APtEVl8nWiM/YjNm
ECGEVY1BM8TiM59+pPtcs30gJJeu8j/eAv/c1NSgQmgYlmxPCMN/0vP41FnJvS2q
MHM1Xy/T2vY9j7uxOKp2kzAvE4lfmLAET0fCwDlcB57rqMVTl3AT6tI9tUIgAub7
0hS2tKgYXIdAd6NutLaWh4sAICyB2qQsWSI+sTtJIaOBAjzB2tc5sdScZLSgHvtH
siQzuAenIrOYhJoji+w+xa7AgGWx0zUAYjpcGOBd0NYGxyKJ5jnwARaPeRTLOOv9
O6ZkP/Isg4uNBXWDR9TjFaM6KC5WwmOal9d8Wj1um2FQCJjGQtL6l7VDPwkCfjKK
ZBXj28HwKpb8DXO17abkyDgBz3F3OwPipzpin+0U1CsjmAuUst4dxyto7x0U+eoJ
42UVGoX12TaLlgl6MaVS2KtXPCwk9XIKfXv5Jdl87Mlz5OhprS+xeNLlfn6HIgMR
/+B6yWcPDu9nivauGcAaiLPefAYqT57Ai4POrz/JbFSb8TjD9rVJYe5MvAUrkz6w
Bm3pT24eu17RHlDnRTGpxzjrY1OGw/Dp1SWCiDnpPH6OuNJmnB4=
=qm5w
-----END PGP SIGNATURE-----