-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-moinmoin-14.0-jessie-amd64-xen.tar.bz2.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum turnkey-moinmoin-14.0-jessie-amd64-xen.tar.bz2
      6ca7cf816eeea9d827d5467dac15695b

    $ sha1sum turnkey-moinmoin-14.0-jessie-amd64-xen.tar.bz2
      12911438f851aacb831c4b3cdc986ded26f859af

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWMdiBAAoJEIXCXpWhbrlN45wH/3whBVixj/lzuEkH8IR3Puev
hYCdkhup0OMqkdE+m70jXgigOFZRiYvLC0yU2GBhuHyQhA1Qfm/gndIaGlNDpHJY
QNXK2q8gOZY68mbOJYo0ubPHQT1rui/Rzqr02YRxZCbe5ZCRlg6BjoihJDIBmFv6
9ivY/ZDYVIVCZwkp5D2jG1a7rITjavcv3BOtdfRt8C8XOf2y4KDb2gV9zPrDlLeW
gkgb71ng9eUrtuz67xmX4YyEu/UpdTqdiH7GlwLeul82U5/dLESZsLnQ7j+loVt2
gOd9jHD0q2A+WbE9fyIy8CGnKWtVpFwSDlOgimiHIwWqFUMHyI//9lzTrQJCmOM=
=p/Po
-----END PGP SIGNATURE-----