This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-nginx-php-fastcgi_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 17:09:12 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0ca062aa0b5b73777b089af0f94f9f452d5bcdd3 * md5sum 44ed4ae60087d1e263cedd4952a10f11 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXXayAAoJEIXCXpWhbrlN194IAKGkx2ii6QsyAo/yqolbZVXE sFzO+c9FhWaskSNrS6b7PnJ0uBAQvnKpe+lu5Lx/8zqMtojAShEN8//Cv737azli sc/cG2ZO/PmhngjBj4AQmOCq32PG70jvv/LL+q7kEbDqHSnUoT5jr718YMWQjE4+ TgzCrJhJCp6O2vOzHHxmm0eNL8B3sh2XNUmzCZZ1+AbEyYiISAGgrnmWLWVSzmWC 5IONxaqEq+jlPW1emncT/v9z9ihUFF4zO7+fHlBB2sW8dCHhysdun4s3kRUuO7/o 7i9JEvNbigoAhrM9OZj4RV+skTWzLagdc8788nHid1puQ6p7JEGsiANZKlYCdug= =C5WZ -----END PGP SIGNATURE-----