-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-lighttpd-php-fastcgi-14.0-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-lighttpd-php-fastcgi-14.0-jessie-amd64-vmdk.zip
      6fd08d3b3f0e5c94eb478e9241337adb

    $ sha1sum turnkey-lighttpd-php-fastcgi-14.0-jessie-amd64-vmdk.zip
      336592eabeca9ad92be62b615cc9f83b157f0337

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMJdXAAoJEIXCXpWhbrlNFHsH/1rFFnG0DeOgDwTmTcduvdX/
jFGfPjB9Bfq3pIwog+7VL1X6vXNLoPeI5qLoo2C73jFQIRvNbe4t2US+0xCrA2jq
UdExi9ZJxvrpQcvpi+8uPeJn5bgFBFgv8T4SueHit5j1gYE/aUZVqjUuSaBIfhHw
ory549M+e/uqYSvH+CZyWrR8EPFB4XGI/tSbKZv20K5Yj9A4v9suiPPOzR6hcBoU
Ic1ml560pUCh5UbmBy2IyyxBzNO0rHOrWx8L0rywR9/ShFNT+YH/fiFv4P3S1F1A
swPllDmkL6krZznPXyB7qSxCIBLES/7hMW4ib1vKtFA1lTPEToGW3m1WoPsdrRE=
=8t8W
-----END PGP SIGNATURE-----