-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-trac_14.0-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-trac_14.0-1_amd64.ova
      f5db00b3d971adf0fb7c63c6518be69e

    $ sha1sum debian-8-turnkey-trac_14.0-1_amd64.ova
      ea1eb823ee0684db8dd1f6188202d00eab0cb22d

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWTDfIAAoJEIXCXpWhbrlNZ/8H/A/TSsI92I9bnwB/cbuH0yAF
nIwgFmo6R8rS7hqJ9IimvSAmzg0ZQFGwli0xZuzDp2rgbNGXaQU0I2zDB0qaSh5q
00LdoBIY1HIj7oj/04ShDPZTuRGfMcGk+1Tclt8xcUJfZbgFofSlseZjeJ9miL74
qVaLue3WZCnVOkL8maDRRrB56u/Fj6UcGAVT7qjjaD5ggeMGnY2zq1WI57uuOImH
970RDHbxiXxfP9P3s6Awa8PHJP5FuCuNISDGN8PLVezz/HdqNGhvhh/mpeVPCvRv
RNIx+KMrTV4x5LzbJUlEW4dFuxdlMyaa7EvYw+eeHW3aGI1UhnOvv5cp9VYicio=
=lBc9
-----END PGP SIGNATURE-----