-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-espocrm-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-espocrm-14.1-jessie-amd64-vmdk.zip
      7563126981aeb56226f64e47115f8ef1

    $ sha1sum turnkey-espocrm-14.1-jessie-amd64-vmdk.zip
      439365a2963f3a7c5a1156b31b798d42c54f52c8

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJnyAAoJEIXCXpWhbrlNRYMH/1yMpDv0YM4Vwe0ov5U8NiFV
tQupWAuCunJLXB3hqSXU8AuVPykW/kF0BLKZ5ma4FVZQDwGdATlSfPynYaMT4oWZ
NnwFA2BjdijokzVtUM4PENwgsWPWRxDfxxqhaYUl1Vub+ov9j4OV0MQjQPLEFfEk
aBCwpqqW8NKeLJBlMgXO++5oAJ4FWaOj2d2zTeIHm4l3Pyq8X+KfBbDJbS8AbYcE
w17cS3HXvAkuT9mh0w17DjezNwcz0WVSZ4Wih8AR3jOddje5lsqvNPTZy8+2r72e
kEtRilkbAV/cG6XZL7skGU97S1rrDhSr18OfNvesJ6usLiGFSqGtpLVkq7e1/ik=
=yPt1
-----END PGP SIGNATURE-----