-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-domain-controller_14.0-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-domain-controller_14.0-1_amd64.ova
      19830e4e167d42dd10e2225d45528437

    $ sha1sum debian-8-turnkey-domain-controller_14.0-1_amd64.ova
      6e8360acb40c0a7b3ef8f1276ce5e896cca8f4f6

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWObxSAAoJEIXCXpWhbrlN+fcH/ib3WKIFRf54ThbbtYsvjH8c
Piz8fUVQ18mQiJhtFOV6rlE1KLqzTia8jDXckNtpVNTTszzlXbULU4LBjyvg/4kp
XBe1XsUYmK4d1hESk4NAEpgH7FllkPUJsPm8lY6x4eAcysLIkWGNZjnsJtgrJGwa
OyO2qqqkyW99YHSAHsC3keTns+0oEYXxKHFoYvj/Ni2COlOja62oxw4svtdbO8Cu
GtoXiVNxAv7+N+Aw5v8bb8EMh/eyowEz1zA2Gl6htXbdCU82+Hj1hBg22dKEYHfB
wE4p9R98Ar5fdAOoHDbikas2ltjnnujc4Ca9V+Jfm46saCXFUrPS5I6dVXfUbbo=
=8VRt
-----END PGP SIGNATURE-----