-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-redmine-14.1-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-redmine-14.1-jessie-amd64-xen.tar.bz2
      26e8945a28af9f9a475a0d5e75556d40

    $ sha1sum turnkey-redmine-14.1-jessie-amd64-xen.tar.bz2
      66289d154ddc2f6dac35be02cdae5f8824a0a60a

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn5AAoJEIXCXpWhbrlNaJIIAI+46y7LSgJb5ZoOCJRJScO1
K8D0aV9MpHZ1H890WBrc13YZDVsCh4/M7vnC03/66g067lFksLKSHDG9rFpb5cm8
1bQKZtAtJQiGC0XUTwCbXA/XRBovtcj4JvaC+9K7kvna21cXUUy7hI17xY62OjTT
dkwlAFoncMcRLgjr0QMoQumZOB+wN8d+Av8egYor0tp71sbMQqpIK7KKxVWrviEn
/2nTfSJzToMWwOtS7J+S7izpTZGZ0U7KTeDN0M3Z2EPPOnsvF5/C0iqwymkZaMM8
TqJR8S4deX/xQOMMWWeAoyxerM0RYFzxz837vgkNjoX1F4GjqxTO9RjIRwv6oeM=
=y97Z
-----END PGP SIGNATURE-----