-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-xoops-14.0-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-xoops-14.0-jessie-amd64-xen.tar.bz2
      9469f3a0ddb7fe18b15b33b33cea1ffc

    $ sha1sum turnkey-xoops-14.0-jessie-amd64-xen.tar.bz2
      7e64d45df1103082d792683906dbc114e3a98ca0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMdiDAAoJEIXCXpWhbrlNxEgH/37OErhd3/0canMkNaFAm0fE
HlJ6CJqgvv0TxPV5u6VwKuEf1SV4S6mk7eB+DfGUmH3tYMYd0XZbBBUGJL9QW3rP
cRNhRNPzbc/O+D72beFgk+0/slSafjOgmTM09V4POLAKkt6lW5glJDcb1ZMcUAHG
SHwjo6hJFp+F5ovu8clZlNOEOMoZjWj6LDoLMpzT2kgKePrF6alibspGndHyjNyd
LzoI2iV8+7MT2CkXm0pneWt9u0LQsCE/5ttxVNqgpa7AfenPZfcwAG71sW4DRI0F
XLq3qKnM3rMA7JiZOz3vJgkT0WD0V44qPNk8dJGlqwx6a3IwTSDpX3KPgZ/W+Rg=
=z9V6
-----END PGP SIGNATURE-----