-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Two steps are required to cryptographically verify image integrity. 1. By verifying the integrity of this signature file, you can be sure that the checksums included in this file are valid. $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key <release@turnkeylinux.com> $ gpg --verify turnkey-otrs-14.1-jessie-amd64-xen.tar.bz2.sig gpg: Good signature from "Turnkey Linux Release Key" 2. By calculating the image checksum and validating the hashed value is the same as listed below, you can be sure the image was not corrupted in transit or tampered with. $ md5sum turnkey-otrs-14.1-jessie-amd64-xen.tar.bz2 dd09dbf9b56fb64814301e14d723cab7 $ sha1sum turnkey-otrs-14.1-jessie-amd64-xen.tar.bz2 032db88025af4b00cda1c03521fec16e91201283 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJXDJn3AAoJEIXCXpWhbrlN07cH/iYDXiXVpGhoe6vUmgSCpuUZ LFXlDHYhGinBJ9HXslHhuqdpeQ4JWlHH43FvPrBmyh8oT9St6z4ZozdAfcNxC5hm 0yrHblJEYrerl/JMKTeLjtHjFwyadWFvCXjbC+EpmY1IxSM3TCVD9kZpTVIMohmj edQ+zXsMGCKoMOZ6ZlegN/nycbS495Y0q+vE0dL4JpW9gwumTp8Ak1s5IzQyeUDr Mwd09IUvV6dM4tbEesTvV8DJ5OIbRRkxIvliPHupFXaKlpocARZ94Im6iT/64Cns ytCQplVp76GfrzVrxOvZUzTUOspRJ/WZFM51VyyMS2lbRqelEAshectPLx21pGk= =9Ri1 -----END PGP SIGNATURE-----