-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-b2evolution-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-b2evolution-14.1-jessie-amd64-vmdk.zip
      512426287171aac3bfed42e122c3d2f7

    $ sha1sum turnkey-b2evolution-14.1-jessie-amd64-vmdk.zip
      09a0c5f02042f727e18093230411e9500a0f3cf1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJnwAAoJEIXCXpWhbrlNppcIAMG1Rc6OI998yIUsSZ9f5CD1
+6PdNvnH3GAWG11A6eP2GSEins29GXA0KuqZtjhk3RmeTy/tHzG1R4M00EfQ3MyT
bQkAueTz8XdfuQAkLPvks3sMFe6hpulsAU3he4EzL5qou7DEXUVSrvUeMbsFDjOW
dvT5Q5HtDXvXXSUnEMsI6besmznEv7k+MhBxLhUgY9QE1q8H0xvcTgcaIrB0qOUv
CW7fjBX4SjIilv+nSmLbo1h02VkzZEwM1HovF69sBC5Ynbvfe1HcdBHCa4wGfr8U
novO6yjMjfaXxlWWKBQmyxhFbqy1AD1EqInnOmi85wCIidHAfxU2pBUnA7yMiKs=
=agLN
-----END PGP SIGNATURE-----