This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-plone-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 18:05:29 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum f23f67a4101eac1d80ceb520c52578d3133f6a5f * md5sum 5882a20038ee2ceb32f28e7f9b123077 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYPcAAoJEIXCXpWhbrlNA4EIALqLiEoQS0rsQPx/VIbe5PbS +s1AhxKwF48l6HbQ19cSEYwXC2jC6MCcmgerCZlKggFTEtPKmwlrsu2xHGoec2hY wxWX75W9aAHAarnS//R7VX5w11aG3bfjO80kHdEEiut9zUKzc/qlVCTK7mWJo9Ig YLKiuoJFjvqBbjWwkG5uEb7ra2AzeARjgMKEsn0uv2tNhJpmzuFnCgtnYuu4tBZw A1wrwwYcXvr0f0ZruX85JI7DMSrlcKwfVYPivE35ECiW6OhVUEBoWi1JZ87Vo0Dn IEFvb5YPX+Cqb7gZ0RIgwTHxms7210E80re4RG7Mnd7z4sSe5tirvrDxN99iLZ8= =8Vfr -----END PGP SIGNATURE-----