This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-mantis_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 09:12:56 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4315bd967b06dfb4c1ebf6eb8ab6d9281e5f338b * md5sum d23a84806b1ee299513ab49eed86c8a6 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXliRAAoJEIXCXpWhbrlNf1IH/Rix5Dgfl0GUcrVjO2YsoqHm 7cMkmu8SQZ2tflU7FxWZiR0ZsPZlUpo2Ua7VQ3H3w+8N0TPGdBRVWwBr8NO1eTHA 61yaP6gFDlEWpt4Czf3yqXCfj1ujFwOOYrEvMgukeQ8e3KuP6UoQ+TJfX2Wl2rBm KaDMPHouFBym9OWTTN0ns9l6PotMu9CHAxz9Gbp9uObl1gnFe/Dt81AxBYZDXWBY bkQKMUADb5fpkgykkrBlRmhUZ5ZCJkV8rTFnFGJS02saMmJvLjyq2pmsld15vOCk OXsUQ/pAD467+Wc/2+z1f0BgrbOL1IVOD3CuFFp+IkB1nDvSdQCp++f4L5QC5Cs= =OMIQ -----END PGP SIGNATURE-----