Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
    pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
    uid   Turnkey Linux Release Key

    $ gpg --verify debian-8-turnkey-gallery_14.1-1_amd64.ova.sig
    gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-gallery_14.1-1_amd64.ova
    9dc71e401c3424b1deaa03f4e0f5be43

    $ sha1sum debian-8-turnkey-gallery_14.1-1_amd64.ova
    3031658e40d615df4858b62a3c1aa22219be95e5
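
The two steps above tied together, as an added example that is not part of the original signature file: the checksum is read from the text gpg verified, not from the raw .sig file, and compared with the image's own SHA1. The function names are hypothetical; it assumes the release key is already in the local keyring (step 1) and that the .sig file is a clearsigned message, so that `gpg --decrypt` prints the signed text and fails on a bad signature.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not Turnkey's own tooling.

# expected_digest TOOL IMAGE_NAME < verified_text
# Prints the digest on the line after "$ TOOL IMAGE_NAME", the layout used in
# the signature file. Fails closed if the entry is missing or is not a
# lowercase hex string of the length that tool produces.
expected_digest() {
    case $1 in
        md5sum)  len=32 ;;
        sha1sum) len=40 ;;
        *)       return 2 ;;
    esac
    awk -v tool="$1" -v name="$2" '
        found { print $1; exit }
        $1 == "$" && $2 == tool && $3 == name { found = 1 }
    ' | grep -E "^[0-9a-f]{$len}\$"
}

# image_matches VERIFIED_TEXT IMAGE
# Step 2: compare the image's SHA1 (the stronger of the two digests the file
# lists) with the value found in the already-verified text.
image_matches() {
    want=$(printf '%s\n' "$1" | expected_digest sha1sum "$(basename "$2")") || return 1
    have=$(sha1sum "$2" | cut -d' ' -f1)
    [ "$want" = "$have" ]
}

# check_image SIGFILE IMAGE
# Step 1, then step 2 against gpg's output only. A clearsigned file can carry
# unsigned text outside the armor, so the checksums are never read from the
# file itself. The output is captured before use: in a pipeline gpg's failure
# status would be lost while its stdout was still consumed.
# Success here means "good signature from a key in the local keyring".
check_image() {
    text=$(gpg --batch --decrypt "$1" 2>/dev/null) || return 1
    image_matches "$text" "$2"
}

# Usage: check_image debian-8-turnkey-gallery_14.1-1_amd64.ova.sig \
#                    debian-8-turnkey-gallery_14.1-1_amd64.ova
```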