This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-couchdb_13.0-1_amd64.ova.sig gpg: Signature made Wed Oct 16 08:18:56 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 262d45a1071b44a70a49cb78781f3ff2ffc3976b * md5sum 2c14b03b36b1fc3dcfe0bb3df6bc7c02 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkvpAAoJEIXCXpWhbrlN/QkH/2wkfWKrUIZ7V78I5EmCLfP+ GsQ2K4WvR1QGkaFfURfhH2a1Z+QqMEKGrfjdDE35wnGC+EGihiPh/vkunLarHVE2 XjZJTXj63FbSXucWhGQe4HyB1YCB1Rm0TuOn5Daj3ZNNES2Fud+TktbynaLRq/f0 5UjqgG6js8IGn4W6daoT2j6ia1bMoYMFGZXetdEFyj+qZ5nuFNXLmgyrtsTVZ2X1 PytQAa3DoIfOY2ZwWEP8mBvf9V+/3Yfq7dAhr5inkkwSmxSWVmG3Jdjc2uSptJZB 31bJRSlgelss3D/F0R+ro/5pApMkYqDaKTyrbTVVWZHwRjh/YlDG/ED5bIHKBEw= =8VuD -----END PGP SIGNATURE-----