-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-tomatocart_14.0-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-tomatocart_14.0-1_amd64.ova
      f678f0145ab1d572fe7c8e30155ce3a0

    $ sha1sum debian-8-turnkey-tomatocart_14.0-1_amd64.ova
      a9f129e6aed5d7e857ccbd09f4175d5f1ea8f823

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWObxWAAoJEIXCXpWhbrlNRawH/An7Uuy3AZu9dXJQc14NrjBU
sebpXZiaWaOCWyInm6yjRYzFoTjpGmzqhfvOXwJGbUXawgGtzK/df6boYcGxpcew
YrH8GnWMVIVnbpkvboBgcMm2/EbuajZiFF+WdYqEOUKNFLcL7UEnPX1UYknz4Ot0
wZcRV6ZNE/Hvev7PxtysLjF+XJ3c2dWzgOmviBW55ee3P4fUfPUISsRwUfdJkVxr
n4se1exq7ODnrHu2W+VTl1UD8yZhKujHzTOuv/7GgBTKkESMse/HP/9Tv3bnpzl0
9sSJb9fAZZ7QqFZLSYP97FZ6rHG/aLxpGbzxVJHinj+jrr6SKrgXT6BaQxZoBmE=
=iruq
-----END PGP SIGNATURE-----