-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-trac-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-trac-14.1-jessie-amd64-vmdk.zip
      9a0a4eb3eb3dfa2609b2df7c446b9f08

    $ sha1sum turnkey-trac-14.1-jessie-amd64-vmdk.zip
      a8bf8239245c68a7a73a684244fa23adcd66af09

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn7AAoJEIXCXpWhbrlN8OgH/0lrekSm28GIRgsRdfUquHgK
OqFU0vgQTpF8Er8bhSCSgNN+O61qxdE6M8T074v2V1QyQLdBCdHX4DT6dtPuvj25
F7rTUM1atDjMmv89ABoYrfnZ09fnmOUSEvEMURiWCBvmG102G7jsQG6kbozUlM8z
F/oqGb2dFqE6EG3UOmqhPMeUMg/F4cpgptkVZZMB2aoRGBuVElOGDu64OnirjJ7M
GENovZtYhUGgUZQt3b/zsgwhGLaErEMKjtzCglVkz9+q2mwZjMGDDYrlmhCKGJlH
T1xS7Iusj3LDkWn0spXZhETYeLptCUapxzXtw61LmCEY4BUYod7trWL7lCn6u+U=
=/2RF
-----END PGP SIGNATURE-----