-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-drupal8-14.1-jessie-amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-drupal8-14.1-jessie-amd64.ova
      b8466236beb277a8fff7762025fe19a0

    $ sha1sum turnkey-drupal8-14.1-jessie-amd64.ova
      2f4a0f0264b491212879ca830a85fc02adaf8d00

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJnyAAoJEIXCXpWhbrlNt6IH/RYriqGmAySpQ78LctsYKpEr
eSDCH2KjnH8fPVC5E2rLUzuIesehvM7v1vVMTVQE/rp6Sg5PjxFknmGfq/i2/orB
YxzIUChl8wqanDM78Nx32Xv53zLeqLgBzBRsSdIbRKCaWkFfuGb/HQBk/JcwM9oF
a+eJPxhzilObpvwGwo9EDbidXoM4Qb0bicpoLVzX1DZbdepyye/YSU/h7+xpSwqZ
NgxBz3+Yf0YvORbtUhg+wAwOYj/ytdUrQBTqYKIkWw6YghYKyhKQ+lF4Di6fFnGj
0thmLZhiQBClCEqOjsuQzeiJtV9IpERR4pPhR5a29KHUw8gyDBn9+cSO1G55yMQ=
=FCAH
-----END PGP SIGNATURE-----