This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-icescrum_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 16:20:50 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c2ebb017c7af92d909a880d0b9b6597e5375e74d * md5sum 6ddaf5f04524120d55ef417f32ffa213 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWtTAAoJEIXCXpWhbrlNxfYH/24CK2gSnJEfSvpdvkZqTNNX ik1uwFq4nXEX86vaZEJg1IiSzDKI5borYVvfrxqAiCnagzhcSltY+Mk8qmxf5hab op0w8fef7pOrt6QPo/RyUi7/2kiP5Jok2R0qLcCK1XzWemQwXb5L4ab9M2raR925 AlIu33OIVjZyBuPYVXAL9ZNgOcm1NnPLp5QjP3rDYjtbfRc0X3qtN7oSNgUVLNx+ u+m3Ilx823JZ6MieQASKig4+bHgLBvc9eMVKA3V3Wz8Ek5IQlgSKuna9XLlFOWlS N6e1aIkamDuaMoph9fW7C3CG8/snRzhyttLkA5bTR1t+4WhXtGygqmT10bQvQHY= =th1y -----END PGP SIGNATURE-----