-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-orangehrm_14.1-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-orangehrm_14.1-1_amd64.ova
      15bc226ecdde7cde373143d8bfbceb7f

    $ sha1sum debian-8-turnkey-orangehrm_14.1-1_amd64.ova
      bd54fa128366741bef127d08651eec251f60f504

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJntAAoJEIXCXpWhbrlNWZ0H/2as15N2juTxPnWDnYy5J4Z+
SzTUSDJuXswPC5uVfEPY58vkhk4L1+0zpHqJ7z0Jebl295b+lSl753y0bhzduLbf
bdtnfgymb7NiHGHPMAgL4ReXaEHAaVUf+F7r3SNm2sEB7rwad9orfaUS+mcpAv3U
p2n+mGE2+GZAYnkkI3uKQ2p75gjWpP9PFc5tERUy46DYTCKbkpIalPU1XwlW5Xx9
fowSf+T8qJiAsTbI7sCv5UmWJ83ihQm9X2PtsIFa5bInemRgI5IqlOM3EC2GOKIR
fdiqog0Hp0/zFXxcjNlW2mLW75qrxnSdDbj0rBHiVmhB+MRYvSi+k+lAXvXicmE=
=n+e2
-----END PGP SIGNATURE-----