This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-phreedom_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 17:49:17 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 89d3422665abdd18766950e1c5efa6398bbf128e * md5sum ae3b5c4728768cba31132655c21345b0 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYAXAAoJEIXCXpWhbrlNJ8gH/2ttVXIQX04EtaeOSpmkS4Xa ztQr7mLb94yvAzL8rC2sV1y3sdcOBfd3Uon8U2lFHzilZgItyAFj+MKwVz967Z3Q qs4nNbOOYZ2tXR+FueODwd/JJFnLnU+kWc4QBEO8w1PDpGFSP7YrWefKDuR2ZYMW qy8H3Bs9rJ28EGvZiInDHZ1gC0Je7UtoOHNQQR297miNCm0/BZvPRC1jn6M6oQ2e tcBijvuGrbb1s7XT7m+Hz8fCoxwem8TMz4sVyFKllIfW5pBOv5q9+sdg2wHkQfzv OFvYduC2EJLbwv5KRlQyrZ1E/XJUsXI4ut9zidU8sekzJbX7rZl/uzTujyHFB2s= =PhMA -----END PGP SIGNATURE-----