-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-nodejs-14.0-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-nodejs-14.0-jessie-amd64-xen.tar.bz2
      b4c8ba347b0570a7c05a5c7aecb1481e

    $ sha1sum turnkey-nodejs-14.0-jessie-amd64-xen.tar.bz2
      abf8065762b86e65f647160a4936fd68a91e2d7d

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMdiBAAoJEIXCXpWhbrlNGt8H/3G5tbDbR0OrRVtSnJJTT4ck
DnvdhWfC7faGxEGSVF5NNHNF5efX1Pny1iD+woO8Dmd77C/1kXPYWYwTKvvIpThW
8gKO1zATyqRVJRNNAKJeHhMRjRbiUqdJbXrXQmquMIg3iYQa3WPDxTO4siUvEXJs
Mm/S5ZY8p4DVD9nYM9x2RlXn1O6Uaqv0qxLOs4iG31FMfHw2nNy+QBui1X48h9YF
oOvg3Ng5TMtWnazlImiu2ybOnZvZj9jHV4X+ihDG2mKdwjqOGfzHZEp5hfiARtgi
CO59QB+Z8JIvC5uKOgAIcJn0rQeBDpNnq28yU/MQQ9xCN7XpHduuxxmt2OMpSHI=
=OJ/L
-----END PGP SIGNATURE-----