-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-fileserver_14.0-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-fileserver_14.0-1_amd64.ova
      cf4633f57feab86d5bb177946ffb4ad8

    $ sha1sum debian-8-turnkey-fileserver_14.0-1_amd64.ova
      67ed9b0d09e1391656e4f2d4f62b3de11376e764

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWObxSAAoJEIXCXpWhbrlNDLkH/1AD+RZpKzuKeRdb1O0sM54s
6S+hjUh1sdkkBy7JNAKp4sJXRfe7kMECvK7gvS68I8qoOMkPINh3gxYulrP7eveq
nyPdvmlZBCBuAG6onkg1uznGvj5C908W5TXZ0kXCbN7Bn7QIat3o4JZMCurdTTjG
srjrIlLn3IOzMSr3aw1piQkDIL6Fi+J13MLRNRZe88IaBUnXHM4M1z2Fij0ggCw5
zkgtEEwRNr8765Dm7/ZvLx/GltQ7vP5/+wcRanHZ1xSWxQNfa3NQcCjH4DgVnPFm
xyd30rgRplHJhPEXnrGHTlAw9RAVgcsJNNDq0NXNI+M6ALMfGaiuBVMwNviPIw0=
=LaHD
-----END PGP SIGNATURE-----