This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-bambooinvoice-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:27:44 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 8bf7179e2161bdc7e0f576fc19e52291926d5938 * md5sum c3980b993f31aadd6398ad523780c1ac You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3ClAAoJEIXCXpWhbrlNhugIAJHElhWxweuC1ElzV/JmQsZF DqKOSbhnyWP8AaOQobZc91O6XIjGHpSuzxI1EYvq5Lz/mRnX2ZV90hXSDjUgrObr 8hpPqDu2Tq894SiXVibM7sFnXrlFfhipPjkf93jpnkIOPpkU3ZOs49fyL4h9q6SN Wr7zTIc40mgwtbG3H7Pb1irAZl1vJ92tAGL4UEyCwpguz+eCvYJld5V/9tA2JmNX JYpcAPNMNwr5/V5PhYh0epgAkCe/MUKwq6FjNIgWlJXosdfennhBOJ9Sf9h6wuVA Vp/6Tumyff2i0yiuSZlvOQv7mRr0dAGSG2STU/s1RCSffi2JyUImwoCEoVmc9zE= =ZqIt -----END PGP SIGNATURE-----