This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-zencart_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 20:32:08 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 331e9b7010c02b382e52e8ea7732f1c6e0dfaa2e * md5sum 529902225c1a7daa766daddd8473db60 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXaZCAAoJEIXCXpWhbrlNILIIAI2xtU5WwJmElZt4WP36o9I+ zQeQ280yMIa0xrFuU1c500dTIAbKEp/iSD23gMREQ1J9sHDwk/oU0MSW2Dei3whc Cd58ATORLlCkzzb8ruKiu1m7nG6vAdf3cd9LCikebarxkY62LoNzs9uzJ3hB2lDa axzDX1Z8ex1IoO14zV6dU9xN0BPY2KTibT/0dFOaqOo75ik+OmsTtN9PZ9VgrSi3 zIk4afOJPI1NyFEWi/wbThSwYifulpwrMr25s6t8IA5J/oINeADMs1C2UbKqu1Oq 9Y0q9tbGbsigLOZhW5jGA25qDX3QpP4faN0Qu+sAADLceLqnXC7faX+/ZkSUPH4= =y2b1 -----END PGP SIGNATURE-----