-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-tomatocart-14.1-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-tomatocart-14.1-jessie-amd64-xen.tar.bz2
      a196bda9bca77b979eb7d0bc1c260f06

    $ sha1sum turnkey-tomatocart-14.1-jessie-amd64-xen.tar.bz2
      aa04cddd75e58a211e8665e87cf351742785aa9f

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXDJn7AAoJEIXCXpWhbrlNCE0H/jqe63Uv0Jki7JgG+fW0KBJ0
E2hHCVAsqw4Xpffm07w0QnHcPSs/beHDuj5p4lAYdKTEOFpIHJMdLdFM/0l0McI1
bmWSW3e/njdp83wtXejFVMq7Ya2oTMDq0PN7mBGPDVhUhQoXAKFxMResmrXrnM1Z
N2tR+eIvFtyKqxODlIsEb5QS8gSfW4kv2FZk9IKA2l02ZoD/UXWarQ6uVpcqbdTZ
1N1FmntoCAw6d9iLD7VpSSCQXSHMunt10oVBgHVn618eAa4Zm+JCiQ4R5oNOlYMY
unvw9gJOZs87T8lgtE61BF/2Tm/DFcw3rcp7bZRaBUmiKya0xKwYy8Bg5ueMC28=
=YMeP
-----END PGP SIGNATURE-----