-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Two steps are required to cryptographically verify image integrity. 1. By verifying the integrity of this signature file, you can be sure that the checksums included in this file are valid. $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-8-turnkey-couchdb_14.1-1_amd64.ova.sig gpg: Good signature from "Turnkey Linux Release Key" 2. By calculating the image checksum and validating the hashed value is the same as listed below, you can be sure the image was not corrupted in transit or tampered with. $ md5sum debian-8-turnkey-couchdb_14.1-1_amd64.ova 400e5061c0f5a0c5d0523231c75864db $ sha1sum debian-8-turnkey-couchdb_14.1-1_amd64.ova 8404995fd9a815fead9b0a5b093ce3bbf4b43df8 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJXDJnqAAoJEIXCXpWhbrlNkvsH/1X6krbhZqB5h9Fw5ciZaEZH hz+iInMT6Rma7Ul4YHltpTj7t/9b23SHl7fih3dqxyM67ghabVAcOe+G5k7zCGnO l0Jk0G6Jnz6mUYwyfukAhtpHjC4n2rLmcLDXpA4YMKinJEuKX02WN/isQMt994nN w5XjAcDzBvwOMpohMWT9r+jpTozoMzcU/I5hF1Yn0Qf7a8L9p5NHnQFSsisDFbVH z5P4CqO4mUTqBA4bbJ/0VAVET4GMj3lsodNDB0EPknhZg57PN2dRpJ0uyLv8LtKC EYK2YPSjiN7MF5uQ8bEFRC44D/IBCtNkHNQ6aN32Di73lcU9sIvRBElkPb1Xgi8= =gpeQ -----END PGP SIGNATURE-----