-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-oscommerce-14.0-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-oscommerce-14.0-jessie-amd64-xen.tar.bz2
      ee63fdf6ad344d7e4e0958ed67fd2ee3

    $ sha1sum turnkey-oscommerce-14.0-jessie-amd64-xen.tar.bz2
      3ddcd6804e9ece6d31618eaec795d0a478614fdf

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMdiBAAoJEIXCXpWhbrlN9nEH/jsmT3W2LNCebICACbCNr2Ab
DBkvLkFjquplXI7mrpfiX02JZMylEQAvPKgfUfcaLtb0Vo+qp+Yi9K63Tl4qyn73
/agMgsZLRWvzEXwirNhuholaG7dkzB94uMdpk5ZUrg5Gds2erqQfbrK1fO4DQI1F
4IutjLIqZK18nlMBCxYs8JmH64XRxmd09c/0DzK7n5IzcGkha8phP+GHLpkAxOWk
HvEy8lCqS4LwI8LkLEZ6BkUqsqaM6l9U2nC36PcuoTfdjYTs5thvvHxBojI3uG6p
myQ1VFctylFWMoIt1jChuuFUYk0EItu4KkzRICQHMV/wzLKPP2IN7egkYzUfuLk=
=YGAx
-----END PGP SIGNATURE-----