-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-espocrm_14.1-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-espocrm_14.1-1_amd64.ova
      b5810cd9a89e8035a27f2f704b3b7833

    $ sha1sum debian-8-turnkey-espocrm_14.1-1_amd64.ova
      c8529458a4f7ffd8c7d526a7582ab5539e288273

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJnqAAoJEIXCXpWhbrlNzY4H+gL5oV/SvX9xFYAf9BfPeoFZ
qUU+qXwp3jK8wE+eTSfCGGRFj7RBgRBaiWiygazzgT3LbgO8dyMjtIUdOoPeWo3r
WLsaYm6tMK6Nwa3ci9LX737Wnn9NKO6W9l2QXVwQPwYiH6nE9vptYHyAy1uwU8pS
mgezcaI2NCoVqjZLqDqXtywlefBwrOiZO+M8Zv/nsvSxc00ClMUpRLSwc6jUluj6
Jad6iUAE7GrbsO4YJQVT5iF6s4h4BX3gGIjWd3SMkHev2hMLlYpzadxJr/Q+GdtC
Me72mYB7y8qVMziZaW4MvG4SW8BDa6eAVhmL2PwYTtObTDwwPjapDKAep2DJhaE=
=0EKM
-----END PGP SIGNATURE-----