This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-redmine_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 18:34:32 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum b076b369a5edc876ae184f88e6ea58d884bd6fec * md5sum ac36c191ee0fc0dffb219d74f9be53da You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYqqAAoJEIXCXpWhbrlN7J4H/iUl9qys4YPtckNVLjc0jKBG FzFspEPiwogLEmnIL/A0nzYn9P/s8XPVpDtNWsUYbqW7z2TE34JbnO05dsF8+wXl OQ5UBqGpLk7Tqt7IHW8AX+s7M28Ol0sRBYpuaNYxjkxIriGTk7qcZPFBEJTSsig6 fDcDMt7iRgADB2F56nwf81m3Hq35nCBl/yCABy7OxchuxMGHK2CeNWgwMD090lUZ K+8sUbKVozkWd5ITWqAbyv51eYzLg6RnJ/cJrGEGzGLhEY2AkHTfrlX0mJvGVtRw QZaMZ/yLtF+I6k9rSmtNSpQYkC+UiugSGWKKur5NyJgk2un2edomcY6FZ1HKLqc= =8BT/ -----END PGP SIGNATURE-----