-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-mongodb_14.0-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-mongodb_14.0-1_amd64.ova
      ffcc43d59760dbee79f3e29efdcbb94d

    $ sha1sum debian-8-turnkey-mongodb_14.0-1_amd64.ova
      dc21fc3ea7408c8c65e880149886b5f6cde4c3a4

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWXYG8AAoJEIXCXpWhbrlN4sUIALArYLN7TcnyuMLDP924TQIe
jgrssz0hJYl3AhR2xU5XfYPvlTmm3ssXZbLSZ6cxzrSVIU2QwK636boVW89GJFiJ
a08mxPymoL866RA4uOxYZs2FoAMaoUli9zpkMFZ9DbXFQNdgjmcisWeRRZt2zMaJ
dLkhH4sMYWWCHnK/CPshSEDaCaYnaGlBqVrE4lpzohQGjvrBPCOI124f1HMEfHqQ
DhgB1a8w7/3/B6wzx/llYPh3EGkZuDQc15lfKvSfXoTLLdMs1uiRRzNbK0fCSHTA
ktgP+kLfiilI3OTNdI7FvQcIxBTya0CyDIZFd1R0uj6EuDD3f3xQ1B7bEOJHZ6M=
=dROI
-----END PGP SIGNATURE-----