-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-tomatocart-14.1-jessie-i386.iso.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-tomatocart-14.1-jessie-i386.iso
      fc5bf40039817c1d2edd1a0b1640bc8b

    $ sha1sum turnkey-tomatocart-14.1-jessie-i386.iso
      505ff855d8e91b9b33d6214fac8f363a4a7d1413

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJXCkP0AAoJEIXCXpWhbrlNewoH/jpWVP1q3SxSRewEufxgGuVF
l+5K3WHGSlzLnxVoovNMl5tdO0ZzaDtmGhkROfVCN3SRBeCrkr0S9m3vVFULf5ce
SkZEfADsMgArNAz9qZztad3M28qHG94WGzorrtWzfkA8HkgmGIpWymTK69qFzMQt
VFJsqBU2SfvHG9wxvChUsJyKD6XWvT66O1+p7xZHCH87j9/nEjVhF1x+celBOkkT
G+8yPllHWk/nIx730+HtSSeUM02M2Ca3or3YazKMilY9wMo7E/TVXv0JaycSYXWp
cPSVvLhii4x61kZg5OSqB4YHN/vZg6uqs824daRoxbGkRfrF380mpQTamK3iEhA=
=FGXJ
-----END PGP SIGNATURE-----