This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-observium_13.0-1_i386.ova.sig gpg: Signature made Thu Oct 17 18:15:03 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 244aa8fed2aa773648c78f1fc549058e1b30361e * md5sum 9ca812c86e2e83cd5b938ae9d89147a1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSYCkfAAoJEIXCXpWhbrlNkzUIANnVUTww+JCG178RVE4vUclR fhkcvfaty2kXroupUQbwIQbTqcRh5nS0l6cC5nfPdIe1p6gYfSR8Zd4TYGLgN4eW 02G9tR0ScLzhnXM8QaWA9aTmrBiVr5JQ8F7ZOy3U9qq8rEpY7bMDp5egTkpXV/jY IFclphRBHm2fMYC+Z5J8NWfRYYKNYi2H0Qdd7jp2wankpysdS+Y+8fK/gVv12PTG K5FSZKyuMv8VyGwAsp4HVZbJ7w79AeQS2BnHgk5KA+dgNSpmL0I0JieaAe6btngU pPe7AO6Gtm7Z7rPrQRH+jg3z8hmYPZztdOzuD1Ip4DBMnLxDdxO51w1UXTT/mu8= =ym4Z -----END PGP SIGNATURE-----