-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
    pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
    uid   Turnkey Linux Release Key
    $ gpg --verify turnkey-nodejs-14.1-jessie-amd64.ova.sig
    gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is
   the same as listed below, you can be sure the image was not corrupted
   in transit or tampered with.

    $ md5sum turnkey-nodejs-14.1-jessie-amd64.ova
    d8eea2bd3c3d99de21151ff85d3dbb5e
    $ sha1sum turnkey-nodejs-14.1-jessie-amd64.ova
    1f83eb48d3018f9a592c32df8e2a8a370e5958f6

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----
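
The two steps above combined into one script, as an added example that is not part of the signed file or of TurnKey's tooling: the checksum is read only from text that gpg has verified, never from the raw .sig file. The function names, and the assumption that each digest sits on the line directly after its `$ sha1sum` command, belong to this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not TurnKey tooling.

# Step 1: print the signed text only if the signature verifies.
# gpg --decrypt on a clearsigned file writes the signed text to stdout and
# exits non-zero on a bad signature or unknown key. gpg accepts a good
# signature from any key in the keyring it searches, so point GNUPGHOME at
# a keyring holding only the release key.
verified_text() {
    gpg --batch --decrypt "$1" 2>/dev/null
}

# listed_sum TOOL IMAGE_NAME: read signed text on stdin and print the first
# field of the line after "$ TOOL IMAGE_NAME" (assumed layout).
listed_sum() {
    awk -v tool="$1" -v img="$2" '
        found { print $1; exit }
        $1 == "$" && $2 == tool && $3 == img { found = 1 }
    '
}

# Step 2: check_image SIGNED_TEXT_FILE IMAGE compares listed and computed
# SHA-1. Returns 0 on match, 1 on mismatch, 2 if no usable digest is listed.
check_image() {
    want=$(listed_sum sha1sum "$(basename "$2")" < "$1")
    case "$want" in ''|*[!0-9a-f]*) return 2 ;; esac
    got=$(sha1sum "$2" | awk '{ print $1 }')
    [ "$want" = "$got" ]
}

# verify_image SIG IMAGE: both steps. Returns 3 if the signature check fails.
verify_image() {
    tmp=$(mktemp) || return 3
    rc=0
    if verified_text "$1" > "$tmp"; then
        check_image "$tmp" "$2" || rc=$?
    else
        rc=3
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Call it as `verify_image turnkey-nodejs-14.1-jessie-amd64.ova.sig turnkey-nodejs-14.1-jessie-amd64.ova` and treat any non-zero status as a failed verification.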