This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-concrete5-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 08:12:36 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 56b2078413d21ac6a649fc1a38f31b3e0dc256ee * md5sum 61c4643d8d82ae2f638db0f53659020a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkppAAoJEIXCXpWhbrlNMusIAN0UUY/UmvGrJZEvYyPgJ8ro YdLyDFCZKqI/FgejlLq7TIlMaZjLGgIygQhUdA7jsqOmHqcWDv0S5KcAb5uLv3N+ iWIJ0vUt6nrnWQdte6Wsj+d4kIbEciBp/KwIogI3TBGEk1BrCTQWpap2HUEG5HgF m55X37MniolP1e1D9nQa9+iGZUJhNFDJttvk3I4YBJi8AKjDwrEqrfuW39LHeta6 15rH162XnknVy2TAH+ZO34V2FBMKCOzF4grZiIuIB1t8gLfmvULvinWJMpzGSMd8 gB1mqXUxncCBnHFyAYR7PCy9j/dTraAKFNHgTr0Hfz1+EPeXVIoXGBqkl1Dp5Yk= =gAaA -----END PGP SIGNATURE-----