-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-web2py-14.0-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-web2py-14.0-jessie-amd64-vmdk.zip
      5a553dc6861a5e770eed7996e36799d9

    $ sha1sum turnkey-web2py-14.0-jessie-amd64-vmdk.zip
      315bdc7a52d97186e009da81c04425b8c217317c

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMJdaAAoJEIXCXpWhbrlNVJsIAJCyUNxSO501Pw8T1vuR/Vjp
snCzt0YYF36IXVdfnNJprIMrDcLSLIRoabQGGWE7KEVNIeSTy4c0nRd8Qti/bQtl
ABVRS6JZjq7l6Xf0JoDQTZd/GUYQUgRqmzaS2h2trIXoU2Z2Gpa6oQiqnYhhT7xs
vKDWZBu7W2zTXYe8y54aPUWaUANEoR+boAjp228qIxc5vU8S3VeFvG8ANGDbgwc2
dgBQ4X80PnO9G28s0oGuHRv5Z+r/Wpa/oD1Sj68iX42WQH76hWDkmB7WtcNz172h
uxXNCi7gQjX5k/Aw8kMH2YBvoHxWkO8GtCBcfpAirFOEFUE2zWg20OD5GBOgt30=
=SQ6n
-----END PGP SIGNATURE-----