This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-otrs_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 09:40:12 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 8a1521a5488c739020fec80b49dfd97676228b55 * md5sum 7526f219c2170ff7e5222a9ea164d9db You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXl70AAoJEIXCXpWhbrlNyJQIALOefFVaSDL96eKwld2UUMhb 0XK9aEjUUnF3lxj3PRBSnNgN0VIOrMaCRTJhmb3sVrPYOPa8ENGKTYzNh2qooEko AYJCVFZ1JT+WwiETJY+2vAg3loPAJ9Qt/D2gFZCamYt6lhNn1ExDDMeGS0gXIQR/ QfFBv42rgsR6uLNQ4FPTK1K8EtzhECcePoNmWXLD7jgrJlcC0PE1qkfWHGtI63qs GkWC3IR0FPabeD/2lYLNZMaKU7uwqluRI6f8Kvqr2ttxjxkP3EBDImAWuJSNND3i Kv/k7qbwdr5rmjpJilUyJbvehwTYsXzxyOuz3q8F8Uh7qYg2+FmI0QeMaN0gNtI= =QUKy -----END PGP SIGNATURE-----