-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-silverstripe_14.1-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-silverstripe_14.1-1_amd64.ova
      4295ffccf739e11adbb6e62b3746330a

    $ sha1sum debian-8-turnkey-silverstripe_14.1-1_amd64.ova
      eaa6c3e21332940cf62702f4d5bb5b76a8f6baac

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJnuAAoJEIXCXpWhbrlNVYMIAOkjZdAwyqHWFMdJybKUXyjh
U24i2fCwf5KJV8fhI14YxWj4rSqaiOUVOeDdwLNMkfFJy7rH1ltQvOKgmlUqPtUm
Dl3Kf+wYcxH2ryFYlrT3eoY1u3e3bcfl8zn03DaA92cSJ4iaYwn9SAH+6o8dDLhq
RXRVwPh0IpdtGXLDts3oer4Z4y8MKp8qJT1HEq/uqO3Is2owRDNXyC8x273JOdYs
95YsdC+Qv2jX5GA6QpsHVghUV4xRxGPsX7IfYq+i51jBUrtgaGIio/nI5EDo13uv
r1+r2rwTYcvXkP+juFXruU1qrqEAPtWRB5yLf7Q3SLADNavEnE92qqPqHaAV7ns=
=9dER
-----END PGP SIGNATURE-----