This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mantis-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 11:54:55 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 65b31f08b44cf9456a34747f656e9cbc5eb7974e * md5sum 29fbddbdf7d572897d19bb7c4d488765 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3cDAAoJEIXCXpWhbrlNFUYH/jBcfXDKdyUvr4vL7nrg+4o+ jcgy5QfG6VhqQJgBHnO9UKBGnkP9rzM+6cPAX+szN5PA10yUpZbIJyZkrBHoce15 0MrjYL+P8x/XRvhglrP3VE3Ej7q4qDK53mHYwrLaCvnh9HsDzzOtDC0p/Xl7u38g 6d8uyWm6GrTkIzm2SytKfVqHCSQz2yCS6sq1GUwussTA7RlIGN4svlesTzldeC0s 4XJ1lTy9PbPwBSNX8hxrrjHZ8o9dpLNJHgAe2/jLknq25tVZF/wCnGWYfkoeOsXv k0f3uoKCjxwRnyXLIuvUF2lxZ8iofqqxE09ImKR4xPfMchy2D0ySBjVVqteucC4= =j+Xp -----END PGP SIGNATURE-----