This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-orangehrm_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 17:36:33 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4b853ed281f5b1e0ad8cde3a2e3228439a2ec17f * md5sum b006adb76bafae32f1b931beb3e88965 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXX0aAAoJEIXCXpWhbrlNHI0H/jHv/yvWjQMDmuyyFgYD23KQ HxLrrvhD0K8xciqkBZY0jzt3Y+2qJJ63/VcClciMGBvUrNJuDJpS733D3KyAcCKD Q1qm9Up/5k3AHGEVv06WOxH8+DCklqR95UPf7sGdI6T0gaTuUTggdzGif+JyYA/D 3EeD6UAwbIu8FGaMP3cgQkxkmlDEzMj5unRu7RAWGe601eRpTT+FPJTE9C7FE/3n QwxuqGgmZuqTolMfddG16OxmDYqhs1wxjgp6PDnXkGKBVrjpHlB6abySDMCig5ek 1oCYRw3BYxRO2lBJjT/ULtaBRLsQMraYG8OqEBSRDXb1MgLOAM6Y5I1UcFTyi44= =tE/C -----END PGP SIGNATURE-----