-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Two steps are required to cryptographically verify image integrity. 1. By verifying the integrity of this signature file, you can be sure that the checksums included in this file are valid. $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-8-turnkey-etherpad_14.1-1_amd64.ova.sig gpg: Good signature from "Turnkey Linux Release Key" 2. By calculating the image checksum and validating the hashed value is the same as listed below, you can be sure the image was not corrupted in transit or tampered with. $ md5sum debian-8-turnkey-etherpad_14.1-1_amd64.ova a0bc5542e70609a5c3764d15ebacbe65 $ sha1sum debian-8-turnkey-etherpad_14.1-1_amd64.ova a919b77802fca98069faf654ec934bdcf1d14ea4 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJXDJnqAAoJEIXCXpWhbrlN5QsIANr2QT7ieeNB9DZV/Za/zorG 69trsVHboeKqLXHbB3XZErK8HGRxbq3UM1ASwjTeTlNNL9C6bsdnLyr96w5/OQO7 lzeKj16WnULiUSWiBXZsnkxLU7+us3kUEB9hy7umlSC8fjfZTqMjjFmaDQz9p7bK Uw68q4wd3/80Pu5ggCC2U8OXsBmIeAVJVMM3A5RMpplgHwQHM6CbpDgZtXq/svK6 H5PoloNcRV4iwHcY6c2X28v5vxpdW3k6lN0C/nBJ+GbOA+/9X7NZz3pnxBiyG+MG nMcZ9ZuyYiv+KwNUfTS5CIcln0D55ohyPQ+D8QWpTpvGwMe4zUrd3EyFgWMxuZk= =yo7X -----END PGP SIGNATURE-----