-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-jenkins_14.0-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-jenkins_14.0-1_amd64.ova
      b8ed0b1b9f5a7f125c02417446fd3415

    $ sha1sum debian-8-turnkey-jenkins_14.0-1_amd64.ova
      d0e6f464eb9e81b3a144503ffe9698643d663479

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEbBAEBAgAGBQJWVyWlAAoJEIXCXpWhbrlNZ0sH90Skq9vhOgXWRT9xmTIW/hry
9uMJb5VyGvr4r/7pAOifYIBcBDXmJzG2sE1A+SEPsCab81FeUdxtymptQf5iwufn
CWvomkS7kuyjcaqctiEKMwUsSsGNJF0HM0am7QdTJlYtttiA0akbRqBZjLb1XlXu
NDpNCcQo8az8XGGy0vKFZUKcL1YWD22zWd32eWEYKSXSJV9ImzUdO6lurTbu7kLX
YLyyNEvxuLymKWba+AlH5RkJrLOoiqk+E/3L/ma+m9iDaADUGEdl2fcbihT14x1o
BUkrkQL/DL95Bq9LCBWGIjvKZM4ubb1DjV35oLxv/WY0id+Q4fYGHR2hUPwSvQ==
=Es5n
-----END PGP SIGNATURE-----