This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-statusnet_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 10:17:49 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 159d5d61dda6ac5ba35f7abdd430524018b2c091 * md5sum 1632a69af4aefb3796be24425025c2ae You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmfGAAoJEIXCXpWhbrlNvnQIAMY37FIPYANjKrAbUJHj1mcg H2WpgtJQ4uR/C4j4OPnpLIxl51IzJcJpwyKimi1Z1PQU6wsYwAX8DkNGJAsWSsj2 GvoYtXeq6gUstyfcljUIewCoDmcWV2zZa/sqL+5wumwPi3pu3nRPbQJQgm4arGWv ehmhG3CAU86OXoQURHf5oMRYn71MXuHPIY4/QpF/Q2tdsQRdHdRuM4YW9JyBdE20 UI2AgNNMD9CZl4KF6aeHawf9f8yRGLO61zdBc8CQLVn0CZYTP0yA6lamYesfhJXe vX/3ulsfqIbi4BIyWxTH7S35CYjE907uS5TrwKzStrdxtlaj7ft0vr0J2Y4KjAg= =XxpO -----END PGP SIGNATURE-----