-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-tomcat-14.0-jessie-amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-tomcat-14.0-jessie-amd64.ova
      f337ef80be9f0a408f07755a65061076

    $ sha1sum turnkey-tomcat-14.0-jessie-amd64.ova
      ab13095d0973a1f0367f191a852d4feacddce8bd

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMJdaAAoJEIXCXpWhbrlNhLUIAOIHoMewfjyyYjCJ6eglA5N2
TLCDmLzB2Q5eZuxj+HQwdHjsWeYIh6EjtJnJerpJPlpBPyXcN71/19R+2g9mgTOJ
qVSyO03f72PggPQDVjqEn4o0Y4NiL1fF5jFiHtE0mZIOR0Pm5gMHu6IaHyvfPzMv
wOvZyIAESSEudtNRmBIoVJ5uMrYPdBfAeFq34qZz0FGDEuvtwHmhTtuzgyjF6fLs
e8De3EJ93NrcwRuzYSkWkw/s7jNw611I2zQZBKutDBYEFCg4lZX5ea0F4kLV6Aln
kHusIJvpyjTSaiXIwFv144PDMW9x5pF/n1U1Q2IAB+2xQjl8zYp+Z9gg/5g15io=
=3Nk9
-----END PGP SIGNATURE-----