-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-espocrm-14.1-jessie-amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-espocrm-14.1-jessie-amd64.ova
      5a6e7245746c8a73000a9a788e635346

    $ sha1sum turnkey-espocrm-14.1-jessie-amd64.ova
      bb981380d7cbb8e114cad075d10ccbc17a9e4812

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJnyAAoJEIXCXpWhbrlNnNIH/AwABm2mEftu5p7bvgjOTUdy
KXQFxA4684PZ3zElsJYHK6EQML2gOYwicqUEje+2/5UUKoRXBhQB+7CcdLGZc3/F
G/uNJzLuU5zyPSwZVZl2XcWZxdFIlaDbpHOh5h9w+AvslJOrJ4C3iS0K83ulNbe2
fNU7ZIukSGuQ9k/LKewMHdUZSfEkgj3d+xCyNSEiDMy8ECJSBJThO02uGjn99mXI
kHUE0/qeusFLbTrLusbZiFz9T5UeUfxL0B2kc//nyjySz5ANmoV4aWw+33rKS5XK
1D41qfNpxf9aLLk3ss1TZzUmuNhBpHiKv4EZI4yYCsoneIkeXPfQY+XcFbOlSZA=
=sUDb
-----END PGP SIGNATURE-----