This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-simpleinvoices_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 10:10:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum a6f59a3dcf2351926b4efae9228b771f5d0e30a8 * md5sum 2386fe281a627c0889b79ad1bd9366fd You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmYHAAoJEIXCXpWhbrlN15QH/RjIYqXdEATWBC3f8TMz7sSB cQc3JbLwyZNOjc6wWO3FPC6G0f5rTTyw5MRsCXwGg0Rh3bg7hScYAJhEJMllPJlp rKFt1DvmxbIIiXZWRLaAVC/+F6+LMs05h6TaNSXRq62bN6nQtPDujMxI7BkqLnmG MVd33PCXScjA7d7blEc0j9g7hCAlHPQUAv7fTvIMFrCRk13Wo9f3iadsdSjObuLu KQzXuxbm+e4bMBHotjBDNJy672FZ1wmdN33fsxP1LDqtdcz6HxBh9W/0bEIdEtql Zg2z0oskCBX3zuavYDJT1rMndu5ACjsbjghCgI+Qn1yD9yAnuPax79Ly5ICs4Wo= =x4bQ -----END PGP SIGNATURE-----