-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-yiiframework_14.0-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-yiiframework_14.0-1_amd64.ova
      2ee1c5f635adc1b60946fd58b1c375f1

    $ sha1sum debian-8-turnkey-yiiframework_14.0-1_amd64.ova
      fd8f2a4088d1889dede7b5aaa30fc195f91f1a1b

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWObxXAAoJEIXCXpWhbrlNVasIAISWDCAR/RD5/+qGlQ7geGlO
CozsGIkZCz0VPpC0kJY6u3CgXGkQ4AG3UbpG41y+AAfm5bnQpLQA8KfA5ZQWoLC4
H2qg1ghV3oNK1WFM+NS9EwnHiCqRIejgSjyQptPf4Zf6zC18H1cdL+VZzSKxEuNo
VsOp9n04dofCNTFn7XQ4hKobF5ZTVkIpsLVY7NE5TRwWis3SIfu4mPJUJnTzRpDu
8sciuMR5yaqZo+vFNgZQhbpvj3FVQDJw4KEAzcWOFQbDqWv6RVaJCNsB04uc37yU
1qx57zHXJyZPZ6kMzIu9nAmhBnEopYXyuCCQGCJJIwmR2IP/Ngyk0j6ThYPgp/o=
=7npA
-----END PGP SIGNATURE-----