-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-tomcat-apache-14.0-jessie-amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-tomcat-apache-14.0-jessie-amd64.ova
      3a1754d9e4a818aa1cabdc07a49beeb6

    $ sha1sum turnkey-tomcat-apache-14.0-jessie-amd64.ova
      de8b1137a98af003fa12be12d77431c9b3d86a89

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMJdaAAoJEIXCXpWhbrlNwawIAOArQCubC8Deb3cGiKdvKOCT
zlHVywly3tTKkujJ3thC1w1pb8FRUPTlby7jm6x6ZB2/NX7pcrg2jpgY9iAWKBvZ
K9PBCoMgmsFfiraDbGrnzXPjrX8awnuzTPPA62qKWxQtkV+tAgHp0YUx+9XQoa/0
LQy54wGj7CiWEpT8lXz4sKHI7hw4o6aCXAVhtTrf1kDQdu8q5C5hjhLrWZWRgnBr
mCW2NFfIcmLEzBiNVnKfbBR2RkG7zUMve4Y1ENBiQbr+WRnF5aeFjK2U6/e8m+sb
CE1S7asF8nLgvbMQXNbyV32RG5rIcSxYXyQp98plEQiCHW5xaIx6zq51g+M1dl8=
=1Us9
-----END PGP SIGNATURE-----