This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-plone_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 10:01:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum e33eae170409ff024ebb380456c1c345b1f14d9f * md5sum a237758c7f1fa51dd3cf1e411e82480f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmPVAAoJEIXCXpWhbrlNFxUH/3RWH9bFWwUIjPiLBce2JTNi b61X6GtdnYMrWNDDfjwLLfCR2FfkVlDQJRD1Q0Y8zvbfVUfibzH6rJqYegEp5STB q4dqB61uyjORtX5zc0R8l0zaAdTNepNl92XhkGdARS5Z1WHG0asgIxcI01kiVf3l Jitamk/3tUb4A8OWyd+FLVaSqjsEGoa7MahBc0Z/1sihVCov//T63KZIUG7SZe7N Kp1NV7Izd87Vw0Mb76inP5ZgoWDuGk1mN1ZZxletqVsHldGc5UiSr6nqbEvMFQem 72+pDaxxESGVYOG8ZyJX6hnFeX1G2e4lTFbVMzs7+dMTdNK9LxMeCntMNqUCwoc= =BjQe -----END PGP SIGNATURE-----