-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-rails_14.1-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-rails_14.1-1_amd64.ova
      2773855ac6bd98e4a556daf84fe4c5ff

    $ sha1sum debian-8-turnkey-rails_14.1-1_amd64.ova
      0ea95ec269967900b10b99e96ff57f156969b8f7

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJnuAAoJEIXCXpWhbrlNFT4H/0Aev+0sPfa9KGZiS5k60mgp
nAohlw6Ixl65LYvo6UtHQ9zWSFnZEkSiynWniONaQcdqCbQiV84Ly9OIxx3WwumD
IHO0fM1LsQyZqZl1QL+74Ez5VngCXWy7FeEhIrKzaYwVmG9xjqcJzO4rboMijY7W
ml2WFVL4/mgJbcbqPBsnV/ls6thRQD7UgBghrcGFp91C/vP93IPd88nzrzHG2RU7
WMwhlwniqutCOg66AYEUwbVcBGj0w1q7JxmQVJ4k7syDxHmj12ae2GDhVAEXsXrU
y25+uhEFpspRSXQpXZGPOYSMJUeAfpwTEcv09R2Sfua7/HzFECYkoqwoFqeNPrs=
=qDPO
-----END PGP SIGNATURE-----