-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-observium-14.1-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-observium-14.1-jessie-amd64-xen.tar.bz2
      44993aafdad1fc1460b54bca89922e20

    $ sha1sum turnkey-observium-14.1-jessie-amd64-xen.tar.bz2
      25c5e67c6c37632f314f42b76e2cd2e749ff5d4e

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn2AAoJEIXCXpWhbrlN2c0IAO0bEPNwxav8DrPyIr0TyOGP
ifqEL1lrmxGl4jcrzhQ/2ROQpWR4f88/DOnVYJouXpK97uG7OcHp5JBDftcocNno
QIPVAmfSBwrOz73ALORmNsTcV9YAVUboiRkBG6iphARj3l4+7tMSaLTWeEQ2NUbW
1ub1KUwbTJUm/J6JS5FRznDdd90Js2WOpg0gsv4ZA4fu0hoeQhejfsgYQWhS2XDD
aWKrFsmy0FFXnHFBXmLPcaA26wJepj7abmK2t4NmcNU77cw/BPq3sPUbz/RBhssT
0U4sJFBHg652vlu8soM3H0C2BH7vvIybz2e1y0uNL9DnPKFLteg0M++8I0C6FEo=
=3zOz
-----END PGP SIGNATURE-----