diff --git a/config/hooks/live/0020_dropbear_build.chroot b/config/hooks/live/0020_dropbear_build.chroot index 1461aa8..82237f1 100644 --- a/config/hooks/live/0020_dropbear_build.chroot +++ b/config/hooks/live/0020_dropbear_build.chroot @@ -9,7 +9,7 @@ # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu -set -Ceuo pipefail +set -Ceuxo pipefail printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}" @@ -47,7 +47,7 @@ setsid bash -c ' # shellcheck disable=2312 make -j"$(nproc)" - ' >> "${var_logfile}" 2>&1 + ' >| "${var_logfile}" 2>&1 rm -rf /root/dropbear diff --git a/lib/lib_primordial.sh b/lib/lib_primordial.sh index b0eaa6c..4335fd3 100644 --- a/lib/lib_primordial.sh +++ b/lib/lib_primordial.sh @@ -95,17 +95,27 @@ normalize_ssh_key_file() { var_tmp_file="${var_key_file}.noCR.$$" ### Remove only '\r', keep everything else as-is. - tr -d '\r' < "${var_key_file}" > "${var_tmp_file}" || { - echo "ERROR: Failed to normalize CRLF in ${var_key_file}" >&2 - rm -f "${var_tmp_file}" - return 1 - } + if ! tr -d '\r' < "${var_key_file}" >| "${var_tmp_file}"; then - mv "${var_tmp_file}" "${var_key_file}" || { - echo "ERROR: Failed to replace normalized file ${var_key_file}" >&2 + printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ โŒ Failed to normalize CRLF: [%s] \e[0m\n" "${var_key_file}" rm -f "${var_tmp_file}" - return 1 - } + return "${ERR_SANITIZING}" + + fi + + mv "${var_tmp_file}" "${var_key_file}" + + if command -v ssh-keygen >/dev/null 2>&1; then + + if ! ssh-keygen -lf "${var_key_file}" >/dev/null; then + + printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ โŒ Failed check ssh-keygen -lf: [%s] \e[0m\n" "${var_key_file}" + return "${ERR_SANITIZING}" + + fi + + fi + fi return 0 diff --git a/var/global.var.sh b/var/global.var.sh index 8734640..82f76b3 100644 --- a/var/global.var.sh +++ b/var/global.var.sh 
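Review bot: The added `x` in `set -Ceuxo pipefail` turns on xtrace for the whole hook, so every expanded command line is echoed to stderr and ends up wherever the build captures that stream. Any key material or credential that appears in a variable expansion would be written there in clear text. The rest of the hook is outside the hunk, so whether it handles such values cannot be confirmed from here. If tracing is only wanted while debugging, keep `set -Ceuo pipefail` and enable it behind a switch, e.g. `if [[ -n "${TRACE_SWITCH_PLACEHOLDER:-}" ]]; then set -x; fi` (the variable name is a placeholder, not a project setting).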
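Review bot: Switching the build redirection from `>>` to `>|` bypasses the noclobber guard this script enables with `set -C` and truncates `${var_logfile}`. Anything written to that file earlier in the hook is discarded, and a file already at that path is overwritten without complaint. Where `var_logfile` is defined and first written lies outside the hunk. If the aim is a fresh log per run, truncating once at that point with `: >| "${var_logfile}"` and keeping `>>` here would preserve earlier output and leave noclobber meaningful for the rest of the hook.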
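Review bot: The new `mv "${var_tmp_file}" "${var_key_file}"` has lost the failure branch the old code had. A failed move is now caught only if the caller runs under `set -e` outside a conditional; otherwise the temp file is left behind and execution continues to the `ssh-keygen -lf` check on the un-normalised file, which may still reach `return 0`. The redirection was also changed to `>|`, which forces the write over anything already present at the predictable `${var_key_file}.noCR.$$` path; a `mktemp` file created in the key's directory would avoid that. The replacement file is created under the current umask, so it is worth confirming that the key file's mode is still what the consumer expects after the move. The function begins and ends outside the hunk; the block below restores the check on `mv`.

```shell
# … unchanged: tr -d '\r' into "${var_tmp_file}" and its failure branch …

if ! mv -- "${var_tmp_file}" "${var_key_file}"; then

  printf "\e[91m++++ ++++ ++++ ++++ ++++ ++++ ++ Failed to replace normalized file: [%s] \e[0m\n" "${var_key_file}" >&2
  rm -f -- "${var_tmp_file}"
  return "${ERR_SANITIZING}"

fi

# … unchanged: ssh-keygen -lf validation, closing fi, return 0 …
```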
@@ -66,6 +66,7 @@ declare -gir ERR_FLOCK_WRTG=129 # Cannot open lockfile for writing
 declare -gir ERR_FLOCK_COLL=130 # The Script is already running
 declare -gir ERR_GUARD_SRCE=131 # Module tried to load twice.
 declare -gir ERR_GPG__AGENT=132 # GNUPG agent error.
+declare -gir ERR_SANITIZING=133 # Error occurred while sanitizing file.
 declare -gir ERR_SPLASH_PNG=200 # --change-splash MUST be 'club' or 'hexagon'
 declare -gir ERR_CONTROL_CT=201 # --control MUST be an integer between '1' and '65535'
 declare -gir ERR_RENICE_PRI=202 # --renice-priority MUST an integer between '-19' and '19'