This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-bambooinvoice_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 12:07:17 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4afa7082eca8662688d11347319be46ef43a38be * md5sum 45aae6f6d5f9711becf5746e5d028552 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXoFuAAoJEIXCXpWhbrlNdaQH/1ep6+RK37FVdvAxjFwahDyn tW0ygGA1hHk5w+2O0ZVQ5z3BXMj4ywW1O6RO8ytYhi0QzIPkGyVZYwpSzWtPwG+C 7mS4zo07j2w/0DqctHBsJEx6j9QVbmlFwab2QEU5q0IMuqCEeHBvy9lqQkLphbdV kC+R2kW4mv4crbqPuK9hjzhfb7TdgtbFUoRAp5KXvBH4F/eZ4Y0U1kIzY6f8WJ2m hUcRW9S2AC2HJntYtH7Gvvhdmr+nmjvmf7gfjN0/w/rYTsX5c14Kyph4w5FjIiQT BycVwSarUaTK1MbWqWqyCoMfQ1RngkPhgKjqJrF7H1ajmY+gW+SLTXWyjBMtGyk= =w6Ra -----END PGP SIGNATURE-----