This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-fileserver-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 21:05:12 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 94793e9a65eb3fe1404f0b6aab46c2f9f0d2bb9f * md5sum a304b235be2524cdba04414db87f6f42 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlZ7AAoJEIXCXpWhbrlNqhsH/j2rRYCniEnvESxb9fHBjaM9 6ZG1GO1PxSPmfxsMUCVgG+VHRUyc+Y6SbXQa+5Y6HQCDLpcMupGt7zc1dZg611o1 DwraYnIeYRItsAj+EMkhkOTiNLGQbebZjW6pBUCZGPTIvaYRgs2HEN0R7RfuiGo2 QnHLBNgOLigseUyZLlXsKFFmmJBkE6FB83asBtUnfEdGS3jWZd1BueRm+n/vaKC0 ej5/IG9OYS5pIBz8xKjwrSvHZobcodKAfEVlm1N7rKB7Q05KN4CEo3yLnDLuurO6 zPl2mskUNyedGEKexZRVF1i6ZYXw/7fFFhB8+0MmPsa77epdXk/VmlKfYGGCNY4= =u7L7 -----END PGP SIGNATURE-----