-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-icescrum-14.0-jessie-amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-icescrum-14.0-jessie-amd64.ova
      7605bbed42c8d1cb762fbd2cc7defdf1

    $ sha1sum turnkey-icescrum-14.0-jessie-amd64.ova
      9b00dea8a146ed83a48e55372dbf7661340f31bd

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMJdWAAoJEIXCXpWhbrlN6FUH/2yu50C9hTs45g6RxgOGeIBb
sy0zPQficSB1yl4A7ZfltoNTWNHyDT/DTwgDdwfsDkiorbOZQ+C4h330BrqSSdeM
dGDMQjhAyu9gOnxSxZHFKE1e1wqAmgUVMbYNyUEkt33xc15pg6ZFfuE1zMYbPT7i
kp5EjhQHoUM2B3CzpwWgFwjiMBbthaKDjBX1cx7chy+uFvlHSYe9MQI1rRNx7Xdt
6zoICcvrSg5NSJ6LH8cISUD7soGbpiZaefjwuS5V+t/xlr+VJc4COGcsZkxRtH1o
Po6YVOAQ0BvkYpcrh1UWAU3tghW4dUqENhpC2iCqrW1qjo1lZuLQC/nso6sLdFo=
=gvvr
-----END PGP SIGNATURE-----