This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-icescrum-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 16:11:20 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 8ab92597831e233da7713af1e3c2e372f49e9bbc * md5sum db54f4fe5708417d4897e9c8175cc680 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWkVAAoJEIXCXpWhbrlN5OUH/2ZcOSGhnOhUO1HkCz+aTE1A 0I070SapNbX2D9cDowxB1ola3kqwLNXLVb0QQgtK7SOP2YZ5bthawhxYW4eD5TWK p2OtfiomTMqs+Ji2NpEEhay8uBjY29cNmIALpU56q5QhKnRW1rVuMdBSjvcGhmbT lV/FjwMJe3K6zbkLt0YfZL4RzzXcEjUBEJkm/611FaWsJgTjnFnNOvCWQZw3O6eN /O6hLTusposzp1g3C93uqGvLAgoI3m1PjBnWRch0Bc8paZSg5HIf4eCNV110LS/t HZZeOVWXGfj33A73zHuIHfIDRn0VbKem2u/tWY0cYwSzy/kCwBR2tFTs9Sm6Z34= =Mu1/ -----END PGP SIGNATURE-----