-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-tomcat-14.0-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-tomcat-14.0-jessie-amd64-xen.tar.bz2
      9b5da8ccc649f4021b802ad95fed3983

    $ sha1sum turnkey-tomcat-14.0-jessie-amd64-xen.tar.bz2
      5c32af2ea626f584e8c3fbea267208259d1bbc3b

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMdiCAAoJEIXCXpWhbrlNci0H/0w7uLOr+L31lkLxd8rqvfvs
Gl/mkLpNXt8Sic8jctpGj/OXd1mQ7vo4bLqpHbct31YOsYllBeJ7NiTbSGGmNAyH
UhtCyyFHwXPvxVY4V+7Sq+62xph7xRwFX67ypUIf+xNf+SbS8ptS1cESWW9rXN9f
tAp9gCuwRUDdH+KNRbQxzSsV0DkGHsdwSwJRD5ygu4G07Sxy4VLuwPu0UiLwG8Oh
GF82+i3SjpwHw/h+RS+Dt2ShezIeeOuzGvaplcsG2XqUZhaN1vDB1aZPMXKo/E7R
H8rlrcTqz7zj8zxMsyU7YpAmu2/K6OBFOYPsvve1XeUQVvPw3LhAyLlvn149scQ=
=cawy
-----END PGP SIGNATURE-----