-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-yiiframework-14.1-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-yiiframework-14.1-jessie-amd64-xen.tar.bz2
      1243a75bc68bb54956e87f42184b8bc9

    $ sha1sum turnkey-yiiframework-14.1-jessie-amd64-xen.tar.bz2
      50398984dd7f5e0a2bc8ff72b38f009a30a28d73

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn9AAoJEIXCXpWhbrlN5ksH/1iZtC+QzJeNhCqudr/Uzxho
y0zNMGhzld+C9DyxUCosEnPaYaG0LQQOSP2Bw+eZlefXoaoRR4yNBuXqElSYY0Ry
JrZXbd1uoqpVit1NIRtmpjW9aqDODvk4XvPEGYUxQ1e96HjFA5cOxLIfrf6yxS88
O/PGB+nDV769rl28whr5gzXvEwQiP4gvg6C2lfS0LInpYvKzKTwGeIICPYh7LLSq
DSli6HcpTQpZlVstDAztqOLXvM2GV77cpH1ZKfVDiQ5copqa3hgP/zQBrssMp7au
xJiJSndt3+/WQ0cmNVIgGr3QX3Tef11Yf+iKHp5fv6PXkfoZSXg7MV25CUIORz4=
=sG5x
-----END PGP SIGNATURE-----