-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-sugarcrm_14.1-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-sugarcrm_14.1-1_amd64.ova
      e5a17d31a8d1c144769989266e66887e

    $ sha1sum debian-8-turnkey-sugarcrm_14.1-1_amd64.ova
      d7bb543e9c52e3e5b156becc964ae12c55051a5d

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJnuAAoJEIXCXpWhbrlNAg8IAI+K4eWrW9pDFvn4vpCnEyVf
XAYqtCbCRYGg8ruMqx2ZGh3XWo5kMifZA2OOrKLfgxrro9PURoeF3Tr65/WXbK1E
NxSigfTdMfo+GF+6Fs8n8+6NfLP20MOKu5p+21uI4106DBP+cPU2ZHnqvHguYvpD
nCEnA+n5hx3s2se/edbklVcSdUjm4dsy1dT1hGvN2nsUz59bUUNwARHwynUSek+r
pqbZOTZSjPpE7978eF5d6VaWbltOxuMj2YPCUiXt6nilkzskEsB5tJlx4uYR3QjQ
b56eOxtJtxI2lVLnRlAeD219LHq1jE/iq11xDF2pkP9b+27hFvRKa0ho8Rs8IXk=
=cOtG
-----END PGP SIGNATURE-----