This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-xoops_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 20:14:30 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 03e099be976591aaa4a51f1e1136a895c0cc74fd * md5sum bc3fb5ca4d18bf31b8beab1ea7c0978d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXaIgAAoJEIXCXpWhbrlNiXIH/2cgBV4t4/rJuzaMfbOlRpRV pKXrqFdMyqJXoagr4+6IJ/9yJuZGeVrVmp6fis4nng3ypHGGJLgMN2qV58NgiqlZ I5mOQXkeEqEFqLlQNb0ftQysBL61Fd8N2M6VwrQ3BDPuTK8vogDqHpMi/sUnED9+ upP+L1K19sCPVMfZJ2OmnCNV8Zkj45hmHv3I2Cpz6bcxhB923jGj8zYyfU+Kqn8G 0eIXWzyvNASot0a93Hm00/ym4eyjatb3Pk+az1PGLW51U19LL5MhvvKoztSt3WsR AbzI491fV5/dgvBrs34zbIcB4hckpzYnC6WsszN7yxh72uT09XltWuWT7s38Lis= =Mbkz -----END PGP SIGNATURE-----