-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-tomatocart-14.1-jessie-amd64-vmdk.zip.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-tomatocart-14.1-jessie-amd64-vmdk.zip
      c12dc234745502f2c8b0ae7785c68c64

    $ sha1sum turnkey-tomatocart-14.1-jessie-amd64-vmdk.zip
      9cbfefebcb330eb6b91606387970b0767b1218cb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn7AAoJEIXCXpWhbrlNRkcH/A7oXjMnFIFhAzXYhCt/dz9S
CDIMWgeOSWvdLssNN83067HttY8FEb6Byt7dT0SgpOCFMhA2v08pt15Igz0BJbGn
s3ypBLEQ8BuGSk8Sf7mExddht7eQUIPd1HA3AR3JAUE3G+RK1NVSgZefeZksldA2
Wl8tpHxm675XkusemwTQtNFhVAv5T9JqNuD8+qIcJl1G56a3Cc4uuxRB6HVphCw9
VoubtPaQ0v0jDwFJrcsePCA19lLTdaddKl33MCiYyzUzWCYMgMH2wWbSyEiBmJ/z
ZMuv7eVb+uNa3xjgO+Wj9Jbsi9Tf8Z5Amv1giqY+3Dc00/UoBNWo6h/kWiBI5Mo=
=7RIS
-----END PGP SIGNATURE-----