-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-tomcat_14.0-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-tomcat_14.0-1_amd64.ova
      09a53b4f6d279ffe9e9b894822242ef5

    $ sha1sum debian-8-turnkey-tomcat_14.0-1_amd64.ova
      72a0fbfb81cb600bb15597d55d84cbf47508a2a6

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWObxWAAoJEIXCXpWhbrlNhO4H/jGk1Q26bnmucCmJOXdfneqq
FVbrI76s5JTvEjolGdsnc432pLR17bRZIZ9iFE+dxkuzZcX9pTDovWoDl82VOqQz
SUAJOs20WM/Cosn5E0A6MsreXjpF58slOH7yEwto/XfQAMA4kuaYHp4i8AxsO7Os
Y15ror/ElsQIrzSatuEe2R+fQEYAODWUYko1V+p9HIlHa/Py2ZXCiOM39QNi51nZ
C0zwyRCEJGwCzVYdQ93tcbCIplc7GLEQqPQoHmovZHuRGUgCcmuXAc8XLO0BgJHe
tbUrOpw1wkTrtT/PkA8t0qMoiNVvdyhR06YR/KGrrS1fIoaFpU7jL7nhB/maMY4=
=ppzg
-----END PGP SIGNATURE-----