This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-asp-net-apache_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 08:20:07 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 92f182a2bf8ae449537b0c1aa54cef60f5f2de11 * md5sum edb14bedfd60833bfb784c39ee1da9ec You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkwwAAoJEIXCXpWhbrlNKyAH/R6w9mmPNPIOU7jFKzveCb5Z cJQmSCm/71y3G/1ccRem7RZsGuPsXiyx3kXWUo7uL8y4jCpfuwqsJEJh/IM3OO0G tkZm3LoUOmZ+cLJpmvxPY+37m3yVzhu4+/TywwYFUStpRdSAE60NatpUjWFldGAb dbmEOBvFTFMUJ6uQUruohekBnYF4o/t+v7imo81d1wulVGfCDrnYthhmoB2DEVPR xdVscz6n5TqCZctdCPkoTMqxeGqZ+hTpxg01i48BkHAfJrCQ8UAJs71Qp6OtrcKS AhSgRIPBVpFCM5q9bwo1AsTBBnNGVyPH/N9Hf6YNPFfP8OahbOWdiCDHI1eiqMI= =eICU -----END PGP SIGNATURE-----