-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-oscommerce-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-oscommerce-14.1-jessie-amd64-vmdk.zip
      20f8ebd7d504fc7184ff1868a79dc910

    $ sha1sum turnkey-oscommerce-14.1-jessie-amd64-vmdk.zip
      72a7cfe900fa95b238c250cc00da5832e3a3844e

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn3AAoJEIXCXpWhbrlN8GYIAITPvhva3hbui9OKzm71Yrf2
3XDbCeTs7czsCgThRYb0n6A5G90hba5Lp32MqtSyWmVqCCNXmXV1DwMsM31hX2Ge
FCOS3t9YYaJ07ye7Ti2sGiXX5Tl/2TetTr1hs9TSEdQrZ1x7/D5S5h8J4HYnWyBO
evmOCxsVJQs+RDpp8vxUGehwOSURdPmpfWGgiOskZv4rtAkQDvq2SSgVacJ8WQEe
SObk5pzMUZvwlIOBKwVuFhWcGPFUavu+06B1Bua/9dIUMwDs7djH6EEgnAzztQlw
hoKJ10AUn2R9JtNI698yHHG/ISwcHvMLIRmZ0mwza/qZeiJ9TtgtSFzYDikUh+E=
=kTzg
-----END PGP SIGNATURE-----