-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-elgg-14.0-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-elgg-14.0-jessie-amd64-vmdk.zip
      6fe6d0d029e9bba426eae73a5409a6cf

    $ sha1sum turnkey-elgg-14.0-jessie-amd64-vmdk.zip
      8a45791b43112bdbd4ff39c32c31d39359e2bbac

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMJdWAAoJEIXCXpWhbrlN1iUIAKbE0zCNG6bt7uMtU3uZ4bO7
lA1DD/nEqR4G6BtfMXbTt3IjZq7IBmIoLKk8SJHyJhhvFoW3oU83TdqCXbXc1Wej
9REIIlsce0s3eWuSSBFKiPkYCynLB1S6qx3/GbiUK9nSnkquZOKJprRr74aH6mJd
wrIjSD2O9teW6YGOV+PXnN4dppwQ1fPt7AWfGJEWWIpVtZUxOlggSPcAlm6FB6oA
T3eLTIEfAsKlx/Y6JoGNZdOnb0XtA2qpRyJ7hunuv/ciecbKHL2ViHoltBWa/11+
qQYUfZ80eQJMhTvoPzx3ZPnZCY5WLwo1F6XJQWwUpog62cBd/7xRFu7VDvCQFvc=
=d28Z
-----END PGP SIGNATURE-----