This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-cakephp_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 08:19:08 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 96b269e065a61376d0bba8971d76a06aed45a2b0 * md5sum 2827ffe94b1c9298ecfaa9f6be19ee2a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkv1AAoJEIXCXpWhbrlN8FgH/iUcXI4v4MU6JcPJLH/muNST XacObjEv6psPOTOKXV8op8QIMgimtQeSX0PC8R046CGQ9pV6ToJVqNl2avXhLvWC +AGjI6wHlSQFsFsghK1yNL9GvSsiGnplr1lljIh/rwSqdomcPD3dyEvn6e5dq9u5 BkLkEF01jSb0HAwPX6wpk7mrCznHVvb9/Qp3PkPHDl5T5zGqxu4oE4IgJLPVMtmR EGitxaxz+KMRK1mI4W7fkYpJx4lc5oAPJ8YOaPTmPrTaiiceRFkxHqYebc/Ld2Fe ZJ2xN8TZ/cPAlOHMhyzXdivm7m9rIa0wkDGYEqxIpR/2s6bM7t2XKC2bYJXM7C0= =ooaD -----END PGP SIGNATURE-----