-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Two steps are required to cryptographically verify image integrity. 1. By verifying the integrity of this signature file, you can be sure that the checksums included in this file are valid. $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-8-turnkey-simpleinvoices_14.0-1_amd64.ova.sig gpg: Good signature from "Turnkey Linux Release Key" 2. By calculating the image checksum and validating the hashed value is the same as listed below, you can be sure the image was not corrupted in transit or tampered with. $ md5sum debian-8-turnkey-simpleinvoices_14.0-1_amd64.ova 32b802eec8a7f8341605b3bf7b704a6d $ sha1sum debian-8-turnkey-simpleinvoices_14.0-1_amd64.ova 8fdd9e7dbb024c734512a1324f4c1306ac1f0162 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWObxWAAoJEIXCXpWhbrlNAOsH/R0Y6UrkgELop6ntgMZ1uV7c qsKxufOI34XPmj2FyK4WDXIyPBCmQeikpWbX8b009rGewg+xfiYXyVsulYPO07jF Upd/6SaoH4hJLg/03NC+lRP3OpOvaTZHWbT6rxl9yaO8vbxIg8h6kf0LQmwVloON SaRX0UUnrLjp3bP9nj1kGTjvfrDn2FOxC5yZM1zkOCEv0P2t3AOLBJneoU1+xGMZ 7lhFPX7HiEuy7+D5lK2gWHvumoOFVQdsuD8OMgOQwmwWYjzxnp3RYPm8oCOqtPPA T7SGcWeA1HZQlRN4iR6p7sbEo7HQWJUyUCvWTF5IrPJVVs4mK2bgLDFSwny30Lw= =wTCZ -----END PGP SIGNATURE-----