-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-nginx-php-fastcgi-14.1-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-nginx-php-fastcgi-14.1-jessie-amd64-xen.tar.bz2
      872fc4893123275059a1c816e7392888

    $ sha1sum turnkey-nginx-php-fastcgi-14.1-jessie-amd64-xen.tar.bz2
      3cd5fd2b2e27c40e58a4e27bf7a847c0aa5ec466

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn2AAoJEIXCXpWhbrlNPCIH/iMfRS0d3YPfs1tyiX+f7zhh
bOY3bMR0XLlwuryoh1g7Hy4RqzLY6A783GB/U75ZqdskOSD7wxZY9RuA/Ld4qKBb
AR7NE+6Ac8/mjA1Y+YN6Nvy3tvWmwMXAED+mi2MaosD9Rmv0bfMpNwCQ9uMBlTQZ
kJcbTPnjnRzGdhUZl3PCX1aIgzWxsLmh3AwlIxh0tAr4q9gvMIukhjl1hO6a65f8
J8sFdvdpP0fhS7ytrRRNEFatYJX6zOurJm8nNR3QdtXeo7ToFQn6P6S3+4qY19N/
qPeYIqghXbrdwEkBXSS/1ryu24mrwmWdZT2tb7L9O3FBYahMJ1H76QaOq1TFung=
=iR1h
-----END PGP SIGNATURE-----