This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-collabtive-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 12:48:03 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum efa397cd2c40294b3886bbe386a9d3f838a25f7d * md5sum ad3817715255b646438eb56d9a2b98e3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRreH6AAoJEIXCXpWhbrlN6/QH/RlJbRCZkQ68Vx2UGt8VB5iV dBT4manBCvoTS4/TpPDljSNP01tph3azroD2ZYmt6QH3S4cP1yvf57jviLG6cEqo DukrYz+Nxj7pVE58qqqnRI7UMvg+NPcokl30aFi4kgRXRB5UPjfax4boSWzX0Ft8 rUbnJUwnIqu1/7hu0pev/2rlFzvd4+RQLI7CncmyAmKiQ6z7Zjm6hHZd5XNFZI7F dpZl3ShWJ3Gsw7gwbgZQIXJT4d1OcMN6o2SzxQL8cB9keSn77W9WBpAOQlo983wU 8Uiun8I8g11/VLjUKdZdlVKm/6SoIHMYSAnzSwDkCnI1PuroB/enqkqwo2ne+Kw= =qqQa -----END PGP SIGNATURE-----