This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-joomla15_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 08:56:05 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5749bd68418b57b346818b852d3d7a1595dde811 * md5sum 43c6d3f9919b7ff1a89b4d1da851fbfd You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlSeAAoJEIXCXpWhbrlNXr8H+gNo197DCuzFlB+M/+Q9eRCc ECskC7zWmVzM6BB8GZBWf86BAFf2FqnUejO1p9UwPFx7e78ycQq9BL8CavCnXG6b vA7IyI0ICOYXBbxVR6rKDHzwhWwr9hcKigPlU1KFi6GFXkwZ1UDD+QfafxZeLFtr nQHQbBvX1IPRL8kzQWJqWXft6FbIT6796RPBNVofRGQHaumRp41GyGSOBvIsZunn JtjkJ613xXnN8Nwkvvt+aZYUr5ztyDqKYEGqTwetG7qH4+Sl+sTRETLc1IT4vYcL wq8UGOx03sb12pb0YLT4tUzloFZrbEAuALureQF2nLEnQw+vN1wlMjEN3HHXZL0= =TpkJ -----END PGP SIGNATURE-----