This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-bugzilla_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 08:19:46 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum cbff5ddbe7207b621526ee380ad3b0020bd4d158 * md5sum f63c1e187d08b2c8dae11ed6fa182e5a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkwcAAoJEIXCXpWhbrlNVYIIAKuFGHOU71KyzYtct0bGE3AG OwUABhVbPQbtr0HRyo+M6ppn7+FT85Hoip4SEK+mBW829fnBAdur4GqF5cIor75f p8zOpeZkanvW5cu4O2gawfDVA3j/mkbiFilfv+Kh4yXp6834DE7vY6mHaBDiMe5N +QvQ/HG8wizKZMWLWfxCqZhcuJlQb1FQB9f4RWCOhQZX39IkD293GJhdWVpGRwtK PEwW15MEfu6kznZa4n/eWh4uzeeEE8z6fXiksCMzzT9gKSH1K8fDJC8FDFfY6PO1 8HuZOVBiyVeH0D+iNxM3QAiVt9b1GGnQdmM007niv+ce6HWe4xtQ14gnpA9dK9c= =ipPr -----END PGP SIGNATURE-----