This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-vanilla_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 20:38:45 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ab74e1db9f8e8388eca23e73f5bc6e081cd40bed * md5sum 2ee3f91a5935a7ed883f7a903190b48d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXafPAAoJEIXCXpWhbrlNYOcH/ifjNaROC565ersJmfVJqeB3 kmMT0r2WgUo9iKbX8Pmfx7W7GQVvVMqb6bb2dsk4RFpfv66TPkwGckrMjcMzlIzl HxbBMtLJGUNJwnrpGFdUrkqXd/SyrfdujtUplDOd0zIDp9ftiGq4J1k5727p8Biq Uh8+5M5xVnZe5bNtSx7p67QKyo3Yhs1DW3NlrkTCTJ+Y8Ji3nytfIPsjt7HOFF5Q kzUJSyxRnZJaaQJS21o7Uo3Ou+ly2JQ23KqrgvBaz566Ycj2sL/Q/iszuGegrzjw 9IMSBULVfHJvlnwmAKt26nKUXEpKBVpN1k3P3b5v4jdyFLMXj6oYnQvlolOvVQM= =P/2m -----END PGP SIGNATURE-----