-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-zurmo-14.1-jessie-amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-zurmo-14.1-jessie-amd64.ova
      4ce4f8fa41103dbb5bbe4acf2e0cb3c2

    $ sha1sum turnkey-zurmo-14.1-jessie-amd64.ova
      419f3c410e5b01fb585323a37906e5a20b975568

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn9AAoJEIXCXpWhbrlNojEIAMZq9IpVKIeAXV3fJPlezY3z
aiN5CA/F3cbu7JcDuDYkr19pF4k+L6YwIt82Hm4Mqf7VlqFlrTTZzye914k/kHDF
H6neMUWNG53Q4wD0fdOG1bgx75z5NlGvEG2VYOIBjJn+ww+jznvrc8SmZCEzxJYR
OmSzMCZDiOEzimkNO52W1s5gfmfGK0FBo+vS0/4mqpEI21I9UTYmq1fi4sn+cmtf
OhHBM5nR+NrRLwYw5McADRI86+ERtLj0ClBsSypiNzeXqZHLDbdtnUnv09aFM6j2
KtEuI3PAIA8YCIUOZqFXqJu6dzY4eG0i3UuKuWJ5SPk7n034qS1jjNaT80inwlo=
=CmIO
-----END PGP SIGNATURE-----