-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-roundup_14.0-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-roundup_14.0-1_amd64.ova
      a5643d577195e2b2a1fcc1bdb8016068

    $ sha1sum debian-8-turnkey-roundup_14.0-1_amd64.ova
      872902756fcd77fd014d82896698a0032e66eca9

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWVyWqAAoJEIXCXpWhbrlN9OAH/0TTznuTbtSAVl4/62FxglvU
JAADkCOd0h2L1b2BPlzRhUYgr00woViFqF9Q7o1ysJN7WnmjDtN7TG0A2+yJCcZ2
+P+0s1VUrUTONKkEwg0zRpOWlJbFRjwt+lzPU4T9+mP7DFB1gWiLnOwbn33IzWzo
feQ0vd38XZkeddQAB3dVJUStYypPRrcVjQblW2M/kQPdl7H6sdI8e+ZtY+/mgiHU
jUinz0cCzgIYBrUuGGzOlRUl39LAi9ui6wD0kpqyA6aGM8TMVCIsqaYKNyCEKqz2
0il05+VbUxO80m7TB8HUl1aQcKZtuyRJaWT9ldvgQgprwao40xVVYCf3XsGGgtU=
=Mgti
-----END PGP SIGNATURE-----