-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-tomcat-apache-14.1-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-tomcat-apache-14.1-jessie-amd64-xen.tar.bz2
      51a7be1c707234f2d499acf770560ef0

    $ sha1sum turnkey-tomcat-apache-14.1-jessie-amd64-xen.tar.bz2
      51397518bd9f5baac6db769cce49f5e0c87b977f

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn7AAoJEIXCXpWhbrlN+q4H/jBmkN1D3wvfsHWICk6Yzy2D
cVPv1+8LcniyiPmIEyXdjJ81pmV627eH1WuH02XFRLtNVfndZnZ9enCPTY7lSydI
gHQpqzeaaxm/Ai00Q6OjgoXqMTE5f8GCptNhDyjSh6dqK4iqKBNx/XjkgWcN62f5
aH34b143/r2TmrNHkFS2vKbR3a3V/EwtQgBaHAYuNYYDKFQP+3i7xnoY7M0raUoZ
Ol4nAdo47jxPB9GuDmoc7V1BZABpeXW/GLRHx4WZNejv7BzCiPXpfCYNatvrue5e
nP197JYmDm7pp+ObGcCLvY1KURY7hUZMKQk4uBhjbWyMxJEhXR2f8hzqZEBkDnY=
=5hSJ
-----END PGP SIGNATURE-----