This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-phplist_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 09:43:29 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ccef53f585ca684f80d47eef3b671597a10cbbf2 * md5sum ea3ef731598f8a827c77fcd577dc509e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXl+7AAoJEIXCXpWhbrlNmVgH/jrL5/51BTFHWnJLMZTt/rTj +6EQkDuS9RNeSn9D+O62g7LMXMTehU3p5NEDrUqE+lygy9VOLSafTwOYzEcIS4EE 6g9+1A4QXO2fCdFcObiyYCf1VnVdQ8QYTsGCpi2NalZC5JbccQ3SQaCPitNUCbCA nWmvt6XHbwCCWtSLC7cv6wDYMNtaHtIpU7GKyb5q/ViavejWAS209wf+wRSrKABu nbqUzpzV7e1ZjT8ICVhoMU+Ym6MhMa20zVDH+rzCOlk6EO8MNo3klfGfSGcLjefA wbbo5jEbpklfi/0q/pn+yspb97Hxth0zRAM7yiQEkdw0CbubwaL0SkkDn1BoWIc= =68/+ -----END PGP SIGNATURE-----