-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-yiiframework-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-yiiframework-14.1-jessie-amd64-vmdk.zip
      341efbd90c10b3cddae3ff293ff57b94

    $ sha1sum turnkey-yiiframework-14.1-jessie-amd64-vmdk.zip
      c792406b70c48cf8e41872f5f6d84352aa78fcdc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn9AAoJEIXCXpWhbrlNe7kH/0hj4RKw2r39zjGfU6R/qXwg
MkIxybXOSINo5huUx82qG6hm+jdSI6UxJF6L1+feudyV2wf6geYvl8ZroqodxlbG
d8fJw/SU9WnI0C1sJEUaPlcl1t9aBZJCkhVp09NnDOHL3TOXxL7S7nnN67bKsg8K
DSQH4VJt+7eOfwLduFAW0Hv01k6ih48WTcxXwH/1CJQusV07eWaWb2gGKPQXSwmW
7zho1I1ZFlo7JJ4sxcZiSsog+8F8ZDfo8CVWlX4I3aFm9qPyJc1CVzjPc9xCLEoZ
kduxhZD1CEvXZcJynli5mOIFyh1IjRfk6Pi7Kn4Ot34qg7VM7x34Y5tybeRrL6s=
=BLZd
-----END PGP SIGNATURE-----