-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-fileserver-14.0-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-fileserver-14.0-jessie-amd64-xen.tar.bz2
      c7b7bb2800da9b995a90f54f78280fc6

    $ sha1sum turnkey-fileserver-14.0-jessie-amd64-xen.tar.bz2
      ed047dd05d88d04ad30f604a7302c9f30a8dd219

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMdiAAAoJEIXCXpWhbrlNf58H/j+n/4wAECJCL1nfxZsM7Jre
OmPfKts2NYstJBUk13Z8PR23bAiKZvAQMugNkJc4srGlqY95esnBZPjhtFqzowYn
9ApCyDmAXnV6MAV9EyyAxZ08IYtUSvQ0P0YnfonxU/IRebird43duV1FOsPy19jc
JiGxJ7U1dMEQXzLFnk2GfLpQ6sHzOR8eJovuoVLtUNvp28fjgWlhWMp4JRuFjycL
jwId2ELfpTOasXX1Qqzhj02PpHBJg2eFBONOYzSE8iD+e9nlz/pvzHRDC4kxe5DK
Ol7ZXEkYPwQj7fN7hE92ceWdSRVE0EWsjw0ReqgVv0Gh7iszwuQR6qAg12QElzs=
=hfbD
-----END PGP SIGNATURE-----