This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-nginx-php-fastcgi_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 09:28:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9aa60c4c9bf73fc749ad3bf0081c2be34efec621 * md5sum badf483b51b946e3b09ed22bfb787121 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlxDAAoJEIXCXpWhbrlN75AIAKkV7+hNGaGro3kIeMtZWzUL eWVBGdrQRWqWB0YRUYfN8nEGE6OklE4+rEVo4FgSTpdUEiEjD93nw0TPeM22Khcx wENb42Q/FwEkH3LVEfAprtpn1odBlYeBWQl9+moimUisnFwaA20LIBsepymU/4si dR96oaB7AWnXr2VFA47M4nh9sKVwAxD/7weP8IQFoIx83f9ppX5Eq06mwHgbnWJ6 S1BsRRdrhxZZAdhN48vqK0Sxs2dbgxbJtlWtiTPG/6+W0EEcgpLGp4x+9N4epynF 5ZEGDKI/dACgkUDUAO/V7WQqVlAoCjILJoFKaHmCmJTf/dnBBtAqvfAQFMhNMGo= =u+aT -----END PGP SIGNATURE-----