-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-vanilla-14.0-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-vanilla-14.0-jessie-amd64-vmdk.zip
      d97b102bdb474debd33f067716c42a6d

    $ sha1sum turnkey-vanilla-14.0-jessie-amd64-vmdk.zip
      87b7c1967548d42c5f3d7651ee603f8201b8b639

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMJdaAAoJEIXCXpWhbrlN2sMIALzd9iYGphSTAshxqzI3N2v2
l8u0msS9Sq2xs4wxn7zG+7U2vzaW53P1/HrguE4judCpZ6llrqzMMNQhpoDxExSn
boQcrlXgW6MkY5iT6oAm6YZRsNZUfvHIm7SZ3Wbc95XS6UbA5aCDT8nzjeQujHry
dyeHMahtzD/K0Keg6aMRsaCcfzyA2vOGfTIiSUBqGafu9GL54zuIGX5xGvgQhqDY
LcD7b0A3gue19jMQe4a73Fq/D3M+S8h2Xb/15YUtnWfbfQhJNqszqAidsPG4fmn7
c9RfGT8DNbJaD/hzXFpLbY0OqIgUEy+fnEGZfqHAdPV7y+cOrtfp7NubIoCU0js=
=lc2O
-----END PGP SIGNATURE-----