-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Two steps are required to cryptographically verify image integrity. 1. By verifying the integrity of this signature file, you can be sure that the checksums included in this file are valid. $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-8-turnkey-lamp_14.0-1_amd64.ova.sig gpg: Good signature from "Turnkey Linux Release Key" 2. By calculating the image checksum and validating the hashed value is the same as listed below, you can be sure the image was not corrupted in transit or tampered with. $ md5sum debian-8-turnkey-lamp_14.0-1_amd64.ova 719230a1429626e397b881bb6bddef46 $ sha1sum debian-8-turnkey-lamp_14.0-1_amd64.ova 88027c5f3d2ba01f8b439b258fd4f6187b98bb83 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJWObxTAAoJEIXCXpWhbrlNNzgH/iRpikrNpmP3qYcB8D19zotg UlzPPscdlO8g2aUGdrqKhaey+MNn2C1CWszLtZhil7dEEF4JsWjdUvsgL8zEzGpo +Uu+gqh6AZzqoS3O1W9wWa+7eP875A0hXx3z6f3aI2Njv9R8kYr0pQPNkRk/1mYq 37l0uH+jcMjG6HO82Omslabtv0pTce8DG3uGR24gHFLEgisnZj7cL3PCMCiFj/WX XzNSVbKLXGgFW86b3Q8MgnPfVLU+zGNYiPuGM+tDpuHX+5sMlDE89o7eTHNT2sUt 0CaESD626UibDKpo7RhaFPeK/7ijkVMInrr2NXwUs/DHd5Xf1Iv3HxQdl5VKElk= =JncZ -----END PGP SIGNATURE-----