-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-tkldev-14.0-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-tkldev-14.0-jessie-amd64-xen.tar.bz2
      2b1eec35f00a9c015d1ed47dad5e20e8

    $ sha1sum turnkey-tkldev-14.0-jessie-amd64-xen.tar.bz2
      ad3f9e0562d81cfbfe19e4b76caac120a1d3cb83

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMdiCAAoJEIXCXpWhbrlNW5cH+gMhDNyMlr/GmY5I6U0LcNRb
3khS0peh3IzxmCETeQGF1ZBRFPjPri1hRSmvA5xT/ygpIKuE3SY+XooS+ArvvXtK
LG7/IV5EEvjzBK3qrv0VuwY4e1hMd/jhU5ZuDsQOliX0eGmlRN1F5c2EummYFqEC
OvHqrEbRRzVZQZsltcNw5Isf8Ib0t7pKvQ1AERxbnJKPte9RHwSdsWG/keZEAfBZ
MsX9kT3/2v4parhl/xJ3EwsSO2fUKjYypJSBRh8maxKuI6zHprEIM/WYdec6HUXN
LGpGqTaMnlNmBsQfYSYrEC+QvxUQwIKdvGh1nOZg8B6Aq+eUM0acjIXlJEg6V0Q=
=8jY+
-----END PGP SIGNATURE-----