-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-gitlab-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-gitlab-14.1-jessie-amd64-vmdk.zip
      e80f24ddaa5d26bc2f81c672e15f678a

    $ sha1sum turnkey-gitlab-14.1-jessie-amd64-vmdk.zip
      1d32b293d5e76fb94acd8639a3a84b3e583f5cc4

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXRb5nAAoJEIXCXpWhbrlN99gIANHCZR8t/AHIwOY/b40IOaUx
1qTCs6VgHyM1XzhOhcPVn0hmwM7PbX7xsrANDcfnLJsyoz9ZApbWkCWNgGwzGzlM
M1m2LogpINIZVFR1whWIxrue/4/CwlMT2qkvaR/AfkxAmNhozgXrIKxi4wHPM3YJ
2Lx7CpnUT58DD48KrlJY6TkKx4oH3bcMaIhKSov5JiDLZCBFXhyLUhEIf5jfIKfc
MLycRbMkxcyDP8YwMcUdEmxK4sYKWVF2Bpt9IndOKonKOsotCoHNhOYK9l54oE5Z
v86V5DqyuOTiHMaWNlPUH+1NI0iXhOmnw/wAVlrVyUmFVCMpnamCXm8WWJLKPtg=
=ICKL
-----END PGP SIGNATURE-----