-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-vanilla_14.1-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-vanilla_14.1-1_amd64.ova
      4f4592a7dd8141578549e4c45c1ed9ad

    $ sha1sum debian-8-turnkey-vanilla_14.1-1_amd64.ova
      b3d7c0f20d4f7f54e648d4d0d39f4ca8058d0e43

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJnvAAoJEIXCXpWhbrlNSrcIAJu5vvx0Epzjsw1QKFyPdSB4
SjVumhTkhoAjprJ/tIEiVMNdb+IWrkljDSSi30WKWfm3Ql6qTywsD27ezCv7n406
Mx8Y0RH1aXf60ZNJRz90qu5CSZ34QAVG91HVXzJLI2yLC17uyPOX01TnZ3LZvq9R
LWX9zF/mvWVftyYTutDHKcxtRO6hQAHxQdvAlOwAg4hvwd4fEXALpXPZTUgTpzSF
JRdCUmXGV2e2Dbcwsxxf1t9z0yGe1Jo9tsAx90V0DkqSAHSw+jfFLfPF/H3e1ao+
+hKWzOZEiUvF8WLllqhr4rfhN0rLpwiRTMpAussyqwFR3QexB2BH5OCENoJ+Hqo=
=WDEE
-----END PGP SIGNATURE-----