-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
    pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
    uid   Turnkey Linux Release Key

    $ gpg --verify turnkey-silverstripe-14.1-jessie-amd64-vmdk.zip.sig
    gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the same as listed below, you can be sure the image was not corrupted in transit or tampered with.

    $ md5sum turnkey-silverstripe-14.1-jessie-amd64-vmdk.zip
    1ddfb40a93adfc09cd75c6aa0f36ff47

    $ sha1sum turnkey-silverstripe-14.1-jessie-amd64-vmdk.zip
    3b74c5cf4ff8221b950cbe1b829ff9ebbee06ae0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----
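
The two steps above can be chained so that the checksums compared against the image are the ones gpg has just verified, not ones read from an unchecked copy of the file. The following is an added example, not part of the signed message or of TurnKey's tooling; the function names are hypothetical, and it assumes gpg is installed and the release key is already imported.

```python
import hashlib
import hmac
import re
import subprocess

# Matches a "$ sha1sum <file>" command line and the digest printed after it.
CHECKSUM_RE = re.compile(r"\$\s+(md5|sha1)sum\s+(\S+)\s+([0-9a-f]+)\b")
DIGEST_LEN = {"md5": 32, "sha1": 40}


def verified_text(sig_path):
    """Return the signed text only if gpg accepts the signature.

    Assumption: the release key is in the local keyring and its full
    fingerprint was checked out of band. gpg exits non-zero on a bad or
    missing signature, which raises CalledProcessError here.
    """
    proc = subprocess.run(["gpg", "--batch", "--decrypt", sig_path],
                          capture_output=True, check=True)
    return proc.stdout.decode("utf-8")


def expected_digests(text, image_name):
    """Extract {algorithm: hex digest} for image_name from the signed text."""
    found = {}
    for algo, name, digest in CHECKSUM_RE.findall(text):
        if name == image_name and len(digest) == DIGEST_LEN[algo]:
            found[algo] = digest
    return found


def file_digest(path, algo):
    """Hash a file in 1 MiB chunks so large images need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def image_matches(path, image_name, text):
    """True only if every listed digest matches and SHA-1 is among them."""
    expected = expected_digests(text, image_name)
    if "sha1" not in expected:  # fail closed when no checksum was found
        return False
    return all(hmac.compare_digest(file_digest(path, a), d)
               for a, d in expected.items())
```

Typical use is `image_matches(image_path, image_name, verified_text(sig_path))`, which raises if the signature check fails and returns False if the image does not match the signed checksums.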