This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-mongodb_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 09:27:24 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d1e619cc6f7e58d4ac01a089a5fdc23df85a7ba6 * md5sum 5f68b2458e08c1b95e0d7e59b5e83281 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlv1AAoJEIXCXpWhbrlNjuUIANPN5UX9rV9zpG7FT3aATxOV f1xJhwlS7b0tIYFhNa/BRQ2+TGNrJKa9Eqysl9/o7IxOajNQRzQh7sQAQW/Uddlp KFS3/eFLaTEFFbrc/SwBhDMKpBqLgi9sJK1UjavxClbBQJ9sEGQh8Fns072FMk+g p3olQBfkEDaHuiyQlXm2GNda3RpMV5UtzEtOKlQvg+XBGjhWruNNLWM71W5BOQbe NukuHxDdxMRoPeGosjhlb1miV5fX4diwmQ7gmaMlm/iUf3/Pdx9kVR7/ifp2OwJ5 2+GOtbcZ79yjsq5dT0jZL0cD9tJw+xjOZ5m8qyJQQNg7FP9k8NjjsXdvJ8MKye0= =xVtB -----END PGP SIGNATURE-----