-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://raw.githubusercontent.com/turnkeylinux/common/18.x/keys/tkl-bookworm-images.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release-bookworm-images@turnkeylinux.org
      pub   rsa4096 2023-05-22 [SC] [expires: 2043-05-17]
            2614 7592 087C 0EDE 4214  3B63 7761 DEBA BBCF BA7C
      uid           [ unknown] TurnKey GNU/Linux Bookworm Images (GPG signing key for TurnKey Linux Bookworm Images) <release-bookworm-images@turnkeylinux.org>
      sub   rsa4096 2023-05-22 [S] [expires: 2043-05-17]
      
    $ gpg --verify debian-12-turnkey-lamp_18.0-1_amd64.tar.gz.hash
      gpg: Signature made using RSA key ID 26147592087C0EDE42143B637761DEBABBCFBA7C
      gpg: Good signature from "0"

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum debian-12-turnkey-lamp_18.0-1_amd64.tar.gz
      4146ed273096ac8366d516146a6c80a31179e84a7ee2bd45bdaf761118915a67  debian-12-turnkey-lamp_18.0-1_amd64.tar.gz

    $ sha512sum debian-12-turnkey-lamp_18.0-1_amd64.tar.gz
      7360bce6057c9a4d7a2f3857e83e3660d0050ce0d81f19487332f4adb5df0d897400ef64ca54b256a6a00b58927c67bdb146cae4d5bd90a17e315a6eb1e80d71  debian-12-turnkey-lamp_18.0-1_amd64.tar.gz

   Note, you can compare hashes automatically::

    $ sha256sum -c debian-12-turnkey-lamp_18.0-1_amd64.tar.gz.hash
      debian-12-turnkey-lamp_18.0-1_amd64.tar.gz: OK

    $ sha512sum -c debian-12-turnkey-lamp_18.0-1_amd64.tar.gz.hash
      debian-12-turnkey-lamp_18.0-1_amd64.tar.gz: OK

    Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0achB3UVKiMsY4ckkPLGHN5q3jcFAmVLfxMACgkQkPLGHN5q
3jfW8Q//eEDOzIJaT3zwYsdA/poBrwKWlNsb3hFhGhDozggQFRLWNv7FxxP4psk/
alhS2LpYRDn4iCfNvK7bxAPZOSCOR8xzqpnaL13TOur3t1I9Ih3DLrYPiIaG7YAB
FyGd30QbGHoTOrdZgIKS6YbaInjfgpkE5Y2E5ue5CC1osmuEy6rUbQ6meNmHBbhN
SGIf4T9eQE6GqV3z4WK4d3R7V+/92EjjnslPCcn1+fdeCA4TpYzz6GywJy+oz5d7
bVFkMba9UJs75G7Wth1f2kowEj5NTPgjG+LiNK2pWb215HbaP/2DEYyRTtJ9KsJw
re0usre/MvexiPiG6rjlpApow62SPvmABfS7UV82DVQtT0FdTxqihrT16yGY3zSE
DfLixRCtCzlhiG7oj4Yj9WXqbWmeGflxP2Q4aaYWxl3DuqnJc3NKVDLtDMiu9nnK
bfixngLVQ87b3zQKQrt196Y5r83wnVlK9RA+Ycb7KRbYACbvks2asQ5lYRdB8JLo
J7fkzMycRAJf+FxtdDpFSfCVsCJ/8V8IceJws6hutgGsaFznfy1iod6A3joAIw24
YnCdkGQm8vrcrJoW3GPtAJPrekw4V1G12rnfrB6ONoUXXK42WtZZJvE1kWdK9axW
EQ5e30O8g695EaAMYdthkSh61dW3dodAtP3qwdDHqS1VhirpvRM=
=jaFB
-----END PGP SIGNATURE-----