This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-gallery_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 16:01:11 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5a9bb455fca602403f2f0c24467456ad8ec3ce9c * md5sum 501306e92d48923641c01163d68156cc You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWbAAAoJEIXCXpWhbrlNQQgH/i2vrWY6GBSxdK6Swk0t+7CD 5dF4mluCvj7aCvaN4LUojjJ42XYJVcWNzY+9ak3zd6o0tzw0bWdfr8rcmpYnpPJq Y36FPTghJqX6NoV/AKYQTc9JIfHJxmwrgUyqsdc+V6fcHFSGnjPsWY3lqeA+4vit EkvXfaenLxEF9fzGtCS6+DohQGYWKrizC4XiKXlYyL+8bUsY5ZY2J2CS5RIdYUkh 8E9/J9VLSwk8iUEs7T0t2BADW+626Z0QGffp2tj4K3hulgB0oa/keORkym5g4JSO iAVMqouuKuJ4EEfhiU/iNx3Zt/zDggTlj3al8uAuD2ANvdjyRROzhdVf58ixOrU= =YHx3 -----END PGP SIGNATURE-----