This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-fileserver-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 08:42:41 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 525948ff0571e4ba2c89f17fe90f230792d902d8 * md5sum f4b719a755db24406c40822fd153fde5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlF4AAoJEIXCXpWhbrlN1GsIAJo9Eh5+zYXhrABsAyfG5Ltf D+6jnrBIKj7Uh/y97N0794O8Oetz8bt/0VSuS0JziOPvA9ETJhg3NVsuAt+kyuEU e/WEGAu6nGp5GIwXB05x2TRDd4mSPvif5Da8oP/Ah404RhFzq4d8uP27sbooX8Zg mhXaSHjKLG1CP1CNKfpK3J3zW7w98uIgIbYy1eYPNWks3raJlPLFM0UbhRKY2x3t raiGFR7RP6jg+cDY2ir9PlJK0OxsMjWpp7AgqaVVjNSjT9P8bMsEwJx08UR/Kefh Z79i5FLHqaEkbA/ljwKY8+Wg1rr/qxyhsPZgFmp8NinS4QKHatfZgxpA74QvToM= =RiDx -----END PGP SIGNATURE-----