This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-orangehrm_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 09:35:06 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 1bccbb3246adcb35137b067c31746fda19bc8de3 * md5sum c56a7bee8f9d0f05fcf50f15a00a96a3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXl3DAAoJEIXCXpWhbrlNChcH/2Lnyad9utUi1h67O5lXqwO3 bpMtGfLWlvaKO7ArF0VnZdpZYrv7kuXRQmfGI0q2LdHXIwXs3fnOzZXRMZJycuej KOWgoEdWGW0Iakgp/fRtXFuWFdtMsH289d6aYypOxkZ0OJUzUAOyshTSJdAU66tO j7GHzRuCSE3Qa7LweAVZMid6bvMbkqklTW8AUa2QnLGQahx8E6tk3Ti3GtZKohNi N6C3/c9eA6vB6FsO1ZtPUa54YO0nVamYadz5zBgdbCTSm8s9M52MB7w+h/+m8eAd KJmWyx6ZkcXBhat9PNqsR6gEVrOc3mQi87e3edfh4SPihf5n1sXul+zwTNkKhEA= =likb -----END PGP SIGNATURE-----