This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-nodejs_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 09:28:23 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 271cb4db3ba5e2c48fea29298f67b42a85111b17 * md5sum ddca33e4b0af7471254223eb072a7bce You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlwwAAoJEIXCXpWhbrlNnPoIALh9JddF9excZInV0tZyA6WE pjA73XIrYXZxOXClBLu/Pch8u6SHIdggXmqitnlsfV8xXG/Da1zJUOMEepKybpmL 4+dNzxvNo4Bo1ta4gLbvSHaR4s/pSjXalvbSWs/xeywM7ziLprbBDOpNHrOA6olb j8l/WR7YWjbqhGnkZ/15eVpC4LxvSVwb98SgoM8HqH6V3N2r/01gpgxSmvIoYyw5 j+JZ78HuJaWw4WietksGSZXxxlFHzExyu6sPOeNC7tqEH9BSHJtaHw0Wcs0XmGXD Vml2RWObdeMC+NI6NXZe4jv6d8pQriejDTKz9pTHHyFl25Tn0innsyNXl75Oook= =d2t+ -----END PGP SIGNATURE-----