This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-torrentserver_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 20:06:53 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ae7f31f1441b78b80e46f74ddb56dd9f3e86aeaf * md5sum b36038db3c78963f5a873f378dcc3158 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXaBXAAoJEIXCXpWhbrlNIT8H/2tDF6At8TnlcCio7HscrQcn oq+ziQAd1AsABnastQ0LMWSmRCn7+01APZXSlplqZsG/WBJAuQCRAvTA+HQRdNEZ J4a/AXliqpIi02geBsAH5p+o8itA2nznkIitvmrLBixDzRZ0lVHslfgRnc3m1heR m8tKjhL7Nj3WVQOILoPtA8DmrDrEgE+GsmaFTxoDls23/i1L3lTH5N/vBQIJC30T 35jD/GqBumJaItCCwjxQ6IA0ZxPInATifVSf2Nhdvx5dXPbBxuXcZO7BlFh7TGct Lz4VpwZs9ezf7ZGsSn+wemK/fN8UbTq7C/sxpTaQC7g5EiJZcHKMzY/Gc9K7Q88= =uZIa -----END PGP SIGNATURE-----