-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-canvas_14.0-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-canvas_14.0-1_amd64.ova
      bc660a87ee557d62a02d452e9167f1cf

    $ sha1sum debian-8-turnkey-canvas_14.0-1_amd64.ova
      661a197b4f471851f3692a0608a5d2d1ce66f7a1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWObxRAAoJEIXCXpWhbrlNEZ8H/3oXaKyZxstffEi3yZFHD0di
lz2JEknCUvA0SOsgohieZ6XHNJ+7/FPVeOqWl5zdaoMzO6tY/ppw7yl+hQoTsfkd
7ttUmlFyDjLnUtfj5w5BbE3R1msitDU0GZNptGGDxz8oQI5yJun/YCz6A30D0G90
D3c2PrRSx5hIPyPVnxEWM7/bLQIHo2cjhFieSUOUGUkq67+oAqnn2D9C0jEcyf07
njFWbTQi6m+t3Hc8g0sOy3w/waZ9t2ico9QBPeyifMeDfra1nKJNuV363MXXiECY
BrA/yivFF3QRruE9oQzbc+kxEN98iRlxj9/ZEfV89PIu2E15c8P70fYuJedbtp0=
=OqTS
-----END PGP SIGNATURE-----