This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-fileserver-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 08:42:50 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c47d861bf9d134e99a5cca3a35defbf115fa6c27 * md5sum 466770551cdce5b0b756daa928e2e67d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlGBAAoJEIXCXpWhbrlNsfIH/14lzV7RVni7aLZ0SPICAuhn 8ReC3qVXYSVvC0p1IQ4nSUyQwnjPOCg/RAX31ScT3YPpnkvgI1XqL+/QR9MJsuGa +NjRPGUeyRxBVJgcIzfL0xphN9vJfytg1/+zQALl4yx86869HjKJhrTt4w2Zh8jb Qsjgb6PA2mrQJcQGn7O+cR3vFz37Yw7UQDTMIfW3d5wg4UD+rj9HLvCtCFc7JYtd +VZ8PvhcP7HHo1/9MeG27Iw9C9zMqtfoj3mWB6qLwvom0wtrdjzI5ukeBK76vSKB DOJDQTodRSwRwEn8PFzqpQu3oqjgP6o7fVA1xbC0EOwqxySNUTeWqetT7bAK+fg= =TdVy -----END PGP SIGNATURE-----