This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-fileserver-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 15:55:18 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum a54a7d5d043f1e0ecd560311bdd9ba8e5049e635 * md5sum 64cf291ec22704228c62f490138420a3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWVbAAoJEIXCXpWhbrlNL2MH/0TtIryO0BkHtAn4D6Dd7L45 5NPVT9sUeRyuKp4Z+fra/keuLneqU8O5OTksjojWi72OdhttwvZj17lTeX98BCeT 1q6WxXkVMeQ/BHChTS2n8TWubU/8sSFgUWJk1GmMwCNmDRzVOWFrRA3kyI6BF9z9 gV0+O+prX7bzUb1ive5JcGX4yX6ZueBUfYplA3npSMe3gNhXOHuY37j45T4k5v7L DYwkPDpr8uaDLSPsIgV3Tdj3edz1QdNEVii59060BlUmc0yNawZe1gdaTwAEaRTO rNkTAy7k2yyBm+2cFX1so9sCBVFwohTw05NQIf3kgRBEnNu0mTZpvl1nyr+hZKQ= =z0Tw -----END PGP SIGNATURE-----