This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mambo-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 14:08:26 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2a5eee67ca2db724e1b5dc8cab097f19bf2a3abf * md5sum 34bf55548788abbccbecd45790cb0c40 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrfTQAAoJEIXCXpWhbrlNQVMIAJLTpE8TxOLvdwefPRD3V3Z6 orLByX6W/rdm5NVptKcYFNmVxBzvYxa8f0N3gvfey4q1FYpTqb4c6XB68X9hRHTo e8MOC89Hx/jeZYSN4upZyGaW0icx+2eCEsg0u2ZCREZEB8q/GynHn9SJva2rsveh GmSSPBnTkO6a2q4QYCg1iGpbYohWwhdixpgdx5DA93mvWo41RyO5omhCJngu6mOF T3KrV3Ya4cr19aSCWXCbP/EzgvO3qXjegBoHzIYtWnPBgYvFTzyyaENgJ6Rch3U7 PwacvD0NZuGKl8s5dssnlSRkpawmvw/lGSiUzbOSMe2qGa4PBCdRYXC3JGH6+rE= =CVZe -----END PGP SIGNATURE-----