-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D

    $ gpg --list-keys 0xA16EB94D
    pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
    uid   Turnkey Linux Release Key

    $ gpg --verify turnkey-web2py-14.1-jessie-amd64-xen.tar.bz2.sig
    gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is
   the same as listed below, you can be sure the image was not corrupted
   in transit or tampered with.

    $ md5sum turnkey-web2py-14.1-jessie-amd64-xen.tar.bz2
    ff9ac64c7fc2cfc4ddc82cc5ea30ff2c

    $ sha1sum turnkey-web2py-14.1-jessie-amd64-xen.tar.bz2
    23c45f04335c78c425e46b1cfce7b0572cb5bcb8

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----
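
The two steps above chained into one check, as an added example that is not part of the signed file or of TurnKey's tooling: the expected checksum is read from the text gpg emits after verifying the signature, so only signed content is trusted. The function names are hypothetical, and the release key is assumed to have been imported as in step 1.

```shell
#!/bin/sh
# Added example. expected_sum, sum_matches and verify_image are hypothetical names.

# Print the checksum that follows the "$ <tool> <image>" line in the text on stdin.
# usage: expected_sum sha1sum IMAGE_NAME < signed_text
expected_sum() {
    awk -v tool="$1" -v name="$2" '
        want && NF { print $1; exit }    # first non-blank line after the command line
        $1 == "$" && $2 == tool && $3 == name { want = 1 }
    '
}

# Return 0 only if the digest of IMAGE_PATH equals EXPECTED.
# usage: sum_matches sha1sum IMAGE_PATH EXPECTED
sum_matches() {
    # An empty or non-hex expected value is an error, never a match.
    case "$3" in ''|*[!0-9a-f]*) return 2 ;; esac
    actual=$("$1" "$2" | awk '{ print $1 }') || return 2
    [ "$actual" = "$3" ]
}

# usage: verify_image IMAGE.sig IMAGE
verify_image() {
    # On a clearsigned file, gpg --decrypt prints the signed text and exits
    # non-zero when the signature is bad or the public key is missing.
    # Assumption: the keyring holds the release key fetched in step 1.
    text=$(gpg --decrypt "$1") || { echo "signature check failed: $1" >&2; return 1; }
    want=$(printf '%s\n' "$text" | expected_sum sha1sum "$(basename "$2")")
    if sum_matches sha1sum "$2" "$want"; then
        echo "OK: $2"
    else
        echo "checksum mismatch or not listed: $2" >&2
        return 1
    fi
}

# Example call, with both files in the current directory:
#   verify_image turnkey-web2py-14.1-jessie-amd64-xen.tar.bz2.sig \
#                turnkey-web2py-14.1-jessie-amd64-xen.tar.bz2
```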