-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-bugzilla-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-bugzilla-14.1-jessie-amd64-vmdk.zip
      c54720117852efdaa95aa6ee4e9cfbeb

    $ sha1sum turnkey-bugzilla-14.1-jessie-amd64-vmdk.zip
      8038ed2cea2162c67b347ce5f10fd29a3141d533

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJnwAAoJEIXCXpWhbrlNSeQH/i6MFlfh1CCI6iuLVqgUOOKL
0x03KV75YxDv8eD1VFFqdV8MQlvWlIsLaq0WAwCGIQrt8jfHK5eT4VWEOGK8bW3N
g8q910tmhwc2BiSTzszcxTWF6s7lEgG4/pzIZSMmGC0anJJmqq5IZheiKDmud+Db
734Y6t95YqlSxJpGJenDmy7nRdUkoTV4643VCrDPx7wQghMLXBhCH2ksXd3+Dz8z
/tuDbdSYEyajSSCJuAX+yb2t6v8N1zVM0kD+UxLl3iJDHTjabWQrTf10HqGEGr96
Zcg0SG84bntQN0d9sygIlNfpwoNFpZttxEKFS8TUboJeGbt3GFoqb2NuI30Xdoc=
=QRPw
-----END PGP SIGNATURE-----