-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-lighttpd-php-fastcgi-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-lighttpd-php-fastcgi-14.1-jessie-amd64-vmdk.zip
      fc0ea57d39836b8523c5117a4b4b4d07

    $ sha1sum turnkey-lighttpd-php-fastcgi-14.1-jessie-amd64-vmdk.zip
      8770b931163865addb447833f1a40b074a000286

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn0AAoJEIXCXpWhbrlNnNwIAMsTp/lUcpykxQzgK8VAR4pA
EjDEJbP950B9QsTHV8W+nbQw4Ixfohah5HBN16IbMZ/62ne10G7jEq9vvTFAHqPx
hBLiirgoqpvKxd6/NRWDFcIFDkHKPQM7eTOVa/wM1QJOiQxnTttia0YO5WUavsPh
AVWM4ctCb2QCl+Sp20YTYpKwF1lZ4hDj/b66fmoKCwMuxE/nxgtKzSjYvIS42Icg
CUei8vlBBQ3thwgOsbhd+DMSx0BRBvzPHkcm2LS7RuH9EA8wE2VJev1dit8foRj3
HgCB0XJS3NFA0w3VrR3OVNmvPEMQr2xiQ7fG7oqct2cAZTakPsQJmtAv4SvdUOk=
=T7m0
-----END PGP SIGNATURE-----