-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-xoops-14.1-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-xoops-14.1-jessie-amd64-xen.tar.bz2
      3820f1dfad4d64e97b5f2f0181d5487f

    $ sha1sum turnkey-xoops-14.1-jessie-amd64-xen.tar.bz2
      eb29090956bcd0624d02cbcdc9e2bacee9488c19

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn9AAoJEIXCXpWhbrlNTccH/3eEHYV/d+zhgoL10IFxvtjL
6eh2sz01gYUzIyzBxij9+zQIaUecI+L9ZRe0B2BmqzMtY8rqRLFweQbk71cvBXRD
Rm7vtTcLaMOPJ2cYgQaj7CWQSbb7Xtglokr0DoX0rCWetGpYyXSWNtqI5o3ihpwV
6NnWWLDnD2yaGHRdisM3kVIhkE5jaaVi/qmKrSG+LnkGUKBOIIFRzeNSW/5ssVkM
UtphErDeV62etPoNLV9AECfNgAinQanQC76nt0nLhzaHEENw7cNPEMfOFYgTE+Uu
3O6FexS5hkJfEW/ZIU76k5ACAxrXoowJ7SXOvqkOl53G+cWdihSt7dgVhJroAkw=
=txRK
-----END PGP SIGNATURE-----