-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/18.x/keys/tkl-bookworm-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-bookworm-images@turnkeylinux.org
      pub   rsa4096 2023-05-22 [SC] [expires: 2043-05-17]
            2614 7592 087C 0EDE 4214  3B63 7761 DEBA BBCF BA7C
      uid           [ unknown] TurnKey GNU/Linux Bookworm Images (GPG signing key for TurnKey Linux Bookworm Images) <release-bookworm-images@turnkeylinux.org>
      sub   rsa4096 2023-05-22 [S] [expires: 2043-05-17]
      
    $ gpg --verify turnkey-icescrum-18.0-bookworm-amd64.iso.hash
      gpg: Signature made using RSA key ID 26147592087C0EDE42143B637761DEBABBCFBA7C
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-icescrum-18.0-bookworm-amd64.iso
      741975d54a6824bc9c46a2924ef65e36fbf22b8f52d542b7d21a2669890ffd1d  turnkey-icescrum-18.0-bookworm-amd64.iso

    $ sha512sum turnkey-icescrum-18.0-bookworm-amd64.iso
      97aaee86b531813bbe56599239899bf4fff081f7e04f923beb5f8d1c3b33fc8ea5c93b2d244a362533444d4cbeea74d4a7b2aeed52117b77080c221e13cd3b66  turnkey-icescrum-18.0-bookworm-amd64.iso

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-icescrum-18.0-bookworm-amd64.iso.hash
      turnkey-icescrum-18.0-bookworm-amd64.iso: OK

    $ sha512sum -c turnkey-icescrum-18.0-bookworm-amd64.iso.hash
      turnkey-icescrum-18.0-bookworm-amd64.iso: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0achB3UVKiMsY4ckkPLGHN5q3jcFAmX2s+EACgkQkPLGHN5q
3jcblg//aO16p0+jA0SlyjLNUR3Ta+ZWbht6AiA8Dgv47ngld8viY6nx1FAey8RY
wh25RJY9qw/tn2xEvELgBNo29luAm1o5Jco2ysr+YSTf75FozE122QFFXYHnI2kc
OqFYZEJz6GlPgpedt8+x5Rbe9uQ0Eyl48aWou9hC7FPS+bnDbHoitEylb1i+VLxa
ajU2fTFkxwdPTKZs/aw8I308H9IvC+wS1ht0qtEvymFQLZlyKuhNcod2vyv8hrKg
cabAm5C3crPuONQBd2BudgA4VVlPHvaNrmZxMI1K2o3BxTEzoPDe04Sf7RSg6BJL
vNrmvERC508HRLicEALrNf1MeYnsr0QNROJqC4dTbt5hHz+2w7Cw5jreaDY8xYpy
AZlWh0cvZZKL9lt0loH1EsB8JWPGpicujoGszMVYkjE5DnE3+Hs396f+5sfsWbCa
nxwEYh1bSy1vnOFSXMAZpPuMU5TrhOhlMqFtJmqSJ8uGpayLp2R1uN9ofpoIa3Yh
3PVAQc/JqclskFupaIQhKjTOvjcMEQjXEl9EbZHInPG1dWhwHO4wrsrs0u7KVJqG
L8FxVqL3Y7vYQd9LzQLfw9Y2KATyl01vilVFbkHbkXqyTxUezvflRz22cIkO5ght
pL06YRNOsXW3Acbevit7iSuMNeEtt6riEivPFZkyjREifht9Mvk=
=UhDU
-----END PGP SIGNATURE-----