-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-gnusocial-14.0-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-gnusocial-14.0-jessie-amd64-vmdk.zip
      ea9a77c488072dbb5398953fea023c82

    $ sha1sum turnkey-gnusocial-14.0-jessie-amd64-vmdk.zip
      fa42d767ff4095311897eae8657d2ec24e792b3e

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMJdWAAoJEIXCXpWhbrlNS90H/io/lTEB0L3P9OoLENhlE2Wv
ROnc26fmruhZqKWxguvSSdZiIIjym6jFcO12S9mnw8bFGUPL/c3187PsW43D1fyt
b8kiwLI9442TVkUHSEGU3sMUGT7Zw2BGL2TQHCnvCw0eNTq7M8zlxs6FmGm8nbfk
11iTZgoUnNMIG1qqMyy/FkOS/fKJPDppwvrrqmEoV/k0jic3O5Mk3Z9siGF7eQlR
luwLNarv86XNuFGyvHH+4SU610oRuRRHKekS2pKWIOei47DEKiHTVMAH1Dy4KhyR
TbcbOtIZ0dQMmrP7U05FxEP30Ri0G7E4JeDcjRflV8icgQ0Bg49ZuIeJxeldFWw=
=lH1m
-----END PGP SIGNATURE-----