This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-elgg_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 08:42:47 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9a358e6dabc9c9dffa55b43a86fd0c9d6a690855 * md5sum 1b047c5ebd2c8a856ef971a2b4d30e15 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlGBAAoJEIXCXpWhbrlNTw0IAOjD2HydRPnw5I7urHD4UJWk jUgw0xTl+w0bdHiSST/a0rx9a1jXeYEA3cLIV2FE9zLgw2+OhMj2XHXmkZXnlP5e 7Sc/LsWXVig6n9ZK/4fh+cqzqWLMSpELVVBeVJSCEQyqwdLlmOpMiygNTPpEWTOy l+8XaKKDgckZiegQV9PxJgHGy0PQ3FwMmzON1jMMuxQ+w5gMtwSksgQGRa/W+00t rykqm4c806CFwgyKpvGyhqpAbTfDE2G+Rf8oWULq6S8AbQ/V7Pcl1cznVhXd4tz1 AqxtPJPlsJvnRusqvZpqtM7CaVeC1uQT/5VMSrPAKG0nHHHiOMghioZ4q5ghfcA= =mu0S -----END PGP SIGNATURE-----