This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-plone_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 18:13:04 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 06f3a820c25cac4833453a1dd921c376a262eebc * md5sum 55db6da1fac9d337a36fa9c86be14f89 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYWmAAoJEIXCXpWhbrlN2QkH/jq98ELvcev/23KdQVek/WL6 sbIASDZtknVBsGGuK5iPqdv8NMZ8jdPVaiHWKjZ8pqJqZcPhr+iOWELKi8gB7vjs nwpEfg8c3taP+j61va3UZM7MqGaCJCo3FeEC9oSxQSy+996fdUdfvhCmOtA6czUu tI+eQqJGcyU9rSX6CtdG98l9WO9I6HDF+HSJLDmxIPrZOZGVUzHhCcAqKfWMnPOh T9yYI0zEaZoQ+nC9mGAEneStKgWqqBnXhMbGdKiopy1cq8+q1vji3zfhxtPHhmjO arTrMhjJlb8qtbZ1mOgi95ootsjcPtwrbz+UeOHUllieAbAMT+2nadV1pZ4FYbs= =/def -----END PGP SIGNATURE-----