-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-vanilla-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-vanilla-14.1-jessie-amd64-vmdk.zip
      8425d993fc45198a0b85be3687811e0c

    $ sha1sum turnkey-vanilla-14.1-jessie-amd64-vmdk.zip
      9a82d1624f52ab843507bbab4f4c164f369c2670

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn8AAoJEIXCXpWhbrlNtFYIANeNk2cNMlfpSZ1TsdCxqxSH
Ic768MbcjWST1ydNywTrlg9xY2juWa8SLKtdGBVU9barh1k8ZdvdwcGz+/eidhTI
DgqmgCzjBqrcIJ2Oy9NhGkbmEkCp+6Y7pfZ5/Hi2T4BVSxAaRdSpdlcdeJiKPjyO
WjBXXVHaMt+bXQro17M1XuSAvukBr5cifhDFV3bl0FCQZ52D3CWz1dxjH7T3Ka2O
huI9jZAHTxf2AXtdT8wHo9HJ9s1duWCeTxLI9I5xsC1i8Nl2/QpoZy2W62VyMjUy
3lLXw7RFea2rlRhw4FLSTXGN/BRWhu2TE/rxTGMGq2LU1ROv4bOy3tzXh2nbVQA=
=+xV4
-----END PGP SIGNATURE-----