-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-web2py-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-web2py-14.1-jessie-amd64-vmdk.zip
      ddb72a3f2942bcf9944c7a52837f635b

    $ sha1sum turnkey-web2py-14.1-jessie-amd64-vmdk.zip
      4f1fc8ff1d03cebdc17db969e4babff1d29518cd

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn8AAoJEIXCXpWhbrlNBTMIAOho11LtoA2UMTJnMWv8aSOg
PeRZ7DyLrf8hYpnUYPHgK/9AoaqnT/8IMuzrZn3LaGDW4iyqiuzRb/CMtb6NNnbf
lilACxpZS/rD9JkxFSeveN2Mm8NOZ03OlMUiBrVqIYCzFL+xrw1kmmK3S/lMp03d
W9LtNPvmSy2ZuyO6l82F6W5DWGCcfO2C6iKYAAM3Rx/zn1hSt3w8QNJArgLyNJnJ
4YH54bo4jaRtkpDKM+k2T/npT5SF2kE0QtGA6xOYLOmsYmxIL37YpLAO171FPQ7F
gdh7s3sLGTIVp2aYql3d0tF5gXAEiBKGfWGO71xZltd+tHyX8OpN18A84qr3LKA=
=H4mw
-----END PGP SIGNATURE-----