This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-drupal7_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 08:20:04 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3ba1817d404edc0e2981cc006c741aa1f1b4d5df * md5sum 7070f5c5360584b0ae10520279be31de You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkwtAAoJEIXCXpWhbrlNwGgIALQlmP0kttnMF2LCYHFc0soo iI2fCLj7ZxZ6ai6RrBykr7viPsGcQtpKJBXUem+8RI0Q1qtW0Q+scBCxQGSPQU/U +Di4m9TZmHgfDwO288NG0ZQPDW0jATT3/aXobyR8IMHErnpzBgLQsU90lX8aj7Uk 4j/TE751wXI/mTPbW//q4cwxKiU4xc5ecO3deR7SdcsJcRHo2ghL8O/0MuFIWo3n wuYS//c5M+mUzFI7Qo4HvnSydLRItIH6NPQ1Q3nTlLpsQWAMhAOrxlsWu1teR1Tk Li/ops+RCv++S3cw//SckMsRPqi16XHjPoV4IiY4HBtCxqPHVBRywdrPYJuOvLg= =E7fO -----END PGP SIGNATURE-----