-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Two steps are required to cryptographically verify image integrity. 1. By verifying the integrity of this signature file, you can be sure that the checksums included in this file are valid. $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-omeka-14.0-jessie-amd64-vmdk.zip.sig gpg: Good signature from "Turnkey Linux Release Key" 2. By calculating the image checksum and validating the hashed value is the same as listed below, you can be sure the image was not corrupted in transit or tampered with. $ md5sum turnkey-omeka-14.0-jessie-amd64-vmdk.zip 5fd2ac3ecef558f55a497bd22f5c2e37 $ sha1sum turnkey-omeka-14.0-jessie-amd64-vmdk.zip aa0d138882a973f40ab4d97ac9e0baf9adc11611 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWMJdYAAoJEIXCXpWhbrlNLGAH+wQ7UiY2O5KbJL5o6FZmBnFC 6ZVY9s/xfudyPuQFKuMm/xn8KdfbU+ieETswu9POzp5gobu1g1btAMATiZHXzkkQ 3tedcqL8Lg4Kpf3D9H0Gg9SvRAK/aUON1QwMe23IOQgfO56/Tb3spk0RH/6giAmc xd9dBkE5lczH6qsNXB2UdXwyD3QpSwVunkOsKefQ2O+TJKIHACHrPlBjYyMlu3Zi EpXjgzsjDIU6KMnxg/cnPEid0LtPR6tRbRNQGsspko3dzZ6ev1zQY3NpsSDsNG0e EWA3wDMeNbehYMlZB8cSWzVZW4id3tOVPAKPKDD5LN5WIcB37EF0hFI9Wir+pwA= =ETu8 -----END PGP SIGNATURE-----