This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lapp-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 16:19:26 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum aed4f084171e82fd9c3c4d5b9f2b14a775ef777b * md5sum 9f1e0b0dc7e61974c075a86d3d1d09c4 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWsEAAoJEIXCXpWhbrlNHCIH/3GFINKa2om0Aoa7zbl5TQ/m dR+CveZ40c6ZaJz2+pL8wgJlCBPn0IEqXp5enUV+8wFIWcIbE1NvFOsUVnL4VjBH YYviv1FFiA12JoAVDF4qp582M/BLk43OiLoG3DIgZ54DLNsbwWTlV+rxKSIR7W/l IILmlDzPUbyAK10hA3vCdZgCVnzBlGwDFGmeDc4o7vElTqltauACNuTrJbyjDYiq Ch3CbTtAECSWlV7iFLGAHmFIyDegn7n2MvQpqiu8R5rKTp1D1oMJWNW5ikStdGqj gfqpQyRvCXVE3SCkJiS1P8mckRc4l5vjWkibv23B0Lg7NEEQeCeoN4SxYh6bDCQ= =xz3f -----END PGP SIGNATURE-----