-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-orangehrm-14.0-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-orangehrm-14.0-jessie-amd64-xen.tar.bz2
      96554a5a3e6dfc3e505f5f7d58f744ab

    $ sha1sum turnkey-orangehrm-14.0-jessie-amd64-xen.tar.bz2
      f6ea3850ecf75752f51a57c1d96ca9a2fcb3aed4

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMdiBAAoJEIXCXpWhbrlNH+sH/26CiBUUPlKjFE7MOibrVh2z
h7gNvNGNvS2Sw7K2aCNLv2ms4xlKwCnz8doS6ppoHSDhNpZioLkS8qoebeudtAms
aVtTvZJeX8p4Oxxws1SV8X3mj9eBuMWNJiiQOnzCAaJPjy426B2Abq2gND/hNrah
y+tFi4vxPXk2RvvHpddBx37LTBZk2XwWJO/TytofWgfYIwplpw5msnhA2vxx5xSW
jMSEiRc1eEzAdlEjZx5oZh2qVU8KtsE45AZCj78bK97ocdW0uFqvj1PWirqkB9gA
IwEyijUqX71KiT0NXkUolbyY3vHaf/rpuwG/iqURrkBAtZrcxZF04Q9m9JX/LOM=
=5sTe
-----END PGP SIGNATURE-----