-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that the
   checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
    pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
    uid   Turnkey Linux Release Key

    $ gpg --verify debian-8-turnkey-silverstripe_14.0-1_amd64.ova.sig
    gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-silverstripe_14.0-1_amd64.ova
    a61b525b0d8f11557e0a8c39c3730ac3

    $ sha1sum debian-8-turnkey-silverstripe_14.0-1_amd64.ova
    9721e969addede8633a3ec276c426b1fed289a75

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----
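Both steps combined, as an added example that is not part of the original signature file or TurnKey's tooling: the checksums are read from the text gpg has verified, not from the raw file, and then compared with digests computed locally. The function names and the sample image are constructed for illustration.

```shell
# Added example, not TurnKey's tooling; function names are hypothetical.

# verified_text SIGFILE: print the clearsigned text only if gpg accepts the
# signature. Assumes the keyring holds only release keys you trust.
verified_text() {
    tmp=$(mktemp) || return 1
    if gpg --batch --yes --output "$tmp" --decrypt "$1" 2>/dev/null
    then cat "$tmp"; rc=0
    else rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# expected_sum TOOL NAME: from signed text on stdin, print the hash listed
# on the first non-blank line after "$ TOOL NAME".
expected_sum() {
    awk -v cmd="\$ $1 $2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        found && NF { print $1; exit }
        $0 == cmd { found = 1 }'
}

# check_image TEXTFILE IMAGE: 0 = both digests match, 1 = mismatch,
# 2 = TEXTFILE lists no checksum for IMAGE.
check_image() {
    name=$(basename "$2")
    for tool in md5sum sha1sum; do
        want=$(expected_sum "$tool" "$name" < "$1")
        [ -n "$want" ] || return 2
        have=$("$tool" "$2" | cut -d' ' -f1)
        [ "$have" = "$want" ] || return 1
    done
}

# demo: constructed image and checksum listing; match, then tampering.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed image bytes\n' > "$d/sample.ova"
    for tool in md5sum sha1sum; do
        printf '    $ %s sample.ova\n    %s\n\n' "$tool" "$("$tool" "$d/sample.ova" | cut -d' ' -f1)"
    done > "$d/signed.txt"
    check_image "$d/signed.txt" "$d/sample.ova"; ok=$?
    printf 'tampered\n' >> "$d/sample.ova"
    check_image "$d/signed.txt" "$d/sample.ova"; bad=$?
    rm -rf "$d"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}
demo && echo "demo passed"
```

In real use, write the output of `verified_text` for the `.sig` file to a temporary file and pass that file and the image to `check_image`, stopping if either command fails.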