-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-sitracker-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-sitracker-14.1-jessie-amd64-vmdk.zip
      1f6ea514421976c95bbb1d98f2950b6d

    $ sha1sum turnkey-sitracker-14.1-jessie-amd64-vmdk.zip
      289fedbc2f112d12a2644b996bccab743e8df6e7

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn6AAoJEIXCXpWhbrlNaTcH/iZkuwyYI8ChnjQ+dngdm9tf
1em5aCmg1AdH77XrDT2s9XuDr2MeujoyeAf4s/VF4yIYi6959ldpqkvwD41gFZyX
yt9v1oZQLM02Ki4nCoRk06KNfnDwkbW5zr2VCtTmMbAxo4cCae4jJb5zfb21YnaE
8QOS4q+uDOinuC8u5wJxlBy+mP1soRjmKG2zOLrzp8UazShGTP5jr1/ye4vk6UvL
dheWpH87EvJT1C7EQowdyc3OaShFw8+Qcx5qtHYA3ddcmwS7rhwMaBuFu/nnwbCD
hmnNKApDT9IX87KP/0UapL0WROx2aeFye0BIHTwDdJ++oFzqUK2Fl8LraGYzwHk=
=prOL
-----END PGP SIGNATURE-----