This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-canvas_13.0-1_i386.ova.sig gpg: Signature made Tue Oct 15 15:14:53 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 195aec05c0744e7244cb510b237c7b499a30c3df * md5sum dc6aba147081dc99d6751fcfb1386bc1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXVvUAAoJEIXCXpWhbrlNQwIH/1QUCdw1ntEnHaoAmMXD1OnN zepYcbmTiQV3+c2W5Osp4Lqa8gLAxzEAbWVzqqkEdcsIcpW0tXOZXwDd8qxMWj3/ dNGs7P5eID5VXSQqFLr5k5MYsZSnlXBfv3rPRtBFtiNuTnl0kcoSSAHaUZ0FWmCe ApTmlHfgS+dZ479NsrG3OzgEad5Rmrx4wtgRNTHyWQKQwJYGEAssdo/5loMxEOSx GK73UPO94+bsLr/IwROgpsjWRNB5i2IqVdzh0hJeI/gfg9ptVmckKfCq9uoE1Iwn kblfRSom7RAP5/VrGzjIfmXt/ltpWT3rHWaEgitnkCzceZVcMSFViOIUe2wiI4Q= =/rPG -----END PGP SIGNATURE-----