To verify download integrity, please use the provided OpenPGP signature. Download finnix.iso (the main file) and finnix.iso.gpg (the detached signature), then run:
gpg --recv-keys 867279B83BF8E815A236D39E7D6F85C04356E6C2 gpg --verify finnix.iso.gpg finnix.iso
The verification output should look similar to below:
gpg: Signature made using RSA key 867279B83BF8E815A236D39E7D6F85C04356E6C2 gpg: Good signature from "Finnix Release Signing Key <firstname.lastname@example.org>"
Be sure to explicitly check the reported signature matches Finnix Release Signing Key's OpenPGP signature, 8672 79B8 3BF8 E815 A236 D39E 7D6F 85C0 4356 E6C2.
The following non-signature hashes are also available. While verifying the OpenPGP signature is preferred, these can be used as lower-trust verification, as long as the entire hash is verified.