-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Two steps are required to cryptographically verify image integrity.

1. By verifying the integrity of this signature file, you can be sure that
   the checksums included in this file are valid.

    $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D
    $ gpg --list-keys 0xA16EB94D
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify debian-8-turnkey-nodejs_14.0-1_amd64.ova.sig
      gpg: Good signature from "Turnkey Linux Release Key"

2. By calculating the image checksum and validating the hashed value is the
   same as listed below, you can be sure the image was not corrupted in
   transit or tampered with.

    $ md5sum debian-8-turnkey-nodejs_14.0-1_amd64.ova
      345ce1b5ab4737568cf46008cad36d20

    $ sha1sum debian-8-turnkey-nodejs_14.0-1_amd64.ova
      e043bf79ae014ce2001e39df5907382ce29d0bfa

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJWObxUAAoJEIXCXpWhbrlN014H/Aw4NsrjOXv5wpuM/NBEVbh1
RcWgthiEHWKKkRCXXm8taIWGBcFPorypuAEsPuaLn69MGmOsMyYXitOLhNa/Q6ID
vtqlue8KLE5JQsw8Gnb53TzO+7DTjg2rhAfktBhjj2oZjsd55D52ut6KMdB7MLj1
ec4100BUbS+N6fTxZhNU5m9UmlL5JlMY6hV9sqV58vCC3jf9SZnMhd8C7Lp0PhK7
Ekoeu6zoDKO6gtH7uZ1uUhijjtuj3EO9Pj0letlznX8/ATuGljn/yQQaF/lnayE1
0LH6H/F6ZxNzjj/uHR33FG0Z2mfAz1qq4YkXO9P+3I6qAf3ZvDd9MvCmDSzfZb4=
=suSg
-----END PGP SIGNATURE-----