This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-couchdb-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 08:11:36 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2de169b32674051e59b37c251a295e0fbfd9256e * md5sum e22423bc7e86b4a6097085a25fd668fc You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkouAAoJEIXCXpWhbrlNLd4H/RM7GHVk8SNWn3ws0k/6WzsM pbk50RpZ/ZgRNFD3U6mS23lZ3ecJYZ/cDq2nxRB00xmImbXWtXCpgCSX/ekyFU56 YcFgTvADw/8sxnfzkLXY+FKNFeWE/6M3mLj5J4Gy5xQZ4yIjC43teqg1hX2qcbUF NKgIzb3a1byHNYo1vjGJiFJWex/CEk9R8nXVyUEHVBNjwUvKKW5ZSAzDpid1iFnz tlyr8bMvx/GdUxvjlA3VQdPuc5CmAs9Pky1hhDNpbzNG5f40USYdCPmVuXkkl4V8 N81lPDXzN/vcYjr0b3UH/p9MPLBCZeauThFOfRbTv0QPQNna8/qEkc5qcm1NvTw= =Is4Z -----END PGP SIGNATURE-----