This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-couchdb_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 15:29:10 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2f2a7c3973575ebdd7d34f9168d9bf4aabe317e4 * md5sum da2849ad5bb077dabfadbe9d2ad75cf2 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXV8+AAoJEIXCXpWhbrlNC7MH/RF8bcqJBjC9E1Nfc9aOd0dS P+YdutucVQJb2vGRtDSybFGDOzA0gOhxD/jKQka8l5xSv6KzdtJP41ucJys9lGMy 9y8CMFNrrbnW8T9r/5riyBdMnkoFglIwNS/jQzTR2IVB+bHLtUgM9M4j4hf8olXh ZNi8j0fhQ3WhQbBhVPXOblEG+Y7gQQyJvtXadembrClh5FoW1GAKMIV8Zg2oUVN3 3cv5BH5+miSX2BCUUeocH4SQztrnn+KLBH7eKx5uqn/pAfbQvWSwSSXQJPstey8r X6JpZbfxA1LT5VHo6kOlRowQC8SNK3tXmJ9tQKDTv3BGKSOIuobILN0PZsoJ8Cs= =l599 -----END PGP SIGNATURE-----