-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Two steps are required to cryptographically verify image integrity. 1. By verifying the integrity of this signature file, you can be sure that the checksums included in this file are valid. $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ushahidi-14.0-jessie-amd64.iso.sig gpg: Good signature from "Turnkey Linux Release Key" 2. By calculating the image checksum and validating the hashed value is the same as listed below, you can be sure the image was not corrupted in transit or tampered with. $ md5sum turnkey-ushahidi-14.0-jessie-amd64.iso 6af9712341c098c5b543895d454f8963 $ sha1sum turnkey-ushahidi-14.0-jessie-amd64.iso e56c1e0b1eb6bb9538ad3509bb3e3f3f623291be -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJV7BrqAAoJEIXCXpWhbrlNtOoIAOuKcf2/FL5UVHOokvzV36jQ OAsGhzlqomv7YM6QvedVfV0cxfrYZMhcjs7Xy88mVZEDTtk0xVk2Q4eGHbCd+twU VC6mrRIrMbHDmLtWBTJuHSsTBbly1Rd818NBYad/FhFGCDZ5ZeEddLAxgjKw2DGT dDaojED2oOqm4SKI4PnD6OZ8XQ9qmnvk8EWrdAvDJ5SzJLgqTW9RVVd50ZECNdX0 jUPt51jcRfrNl8+5YY19p21wam2JseOnhxaPzgNkJy9X/rZtMd8lkLQ62KXAgJuY Po4eEKykRPT6I2saSlx7AlBzWRACA8tICtphiU9ae6vIvokkChBbGxHaqAh0gQo= =TCXQ -----END PGP SIGNATURE-----