This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mantis-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 09:07:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum beaf86aa68a8643848246fbfe208bdd1a32770b1 * md5sum d8f698155d5938e262d8318a11b09e97 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlcrAAoJEIXCXpWhbrlNxTkH/RtbFukECErX7QmlKpuoy6xV oL9uYPgM1YpI1i5yQ0+YTVONrNG0ssI9CdT4aVJ/lw/5SvRC2hSJZDqpxQJmoYh9 wm+3sOJ9m6vv5iswHIZdITJAtqaUCRaEUN55//Suq3XPxQOGvv+MRVN/cB5uZLWU P3SmY0+pJy2/4s/bYDg1O5VjtS8kxpRHF5ktalkn4HXN15BcZWAG7Cl1/p7HHDRY xvASi9B8ULac89EkJ2Ys0HicrQGhf9UfgCxthSNInjvr89VgMgSnIzD5n8UMx4SX V2vhPQeAiUmgtsiZ9Jboj1JApImsX/yBaoxbXNrdBuuxTKueuTV1pbdl23o5L8Y= =9YOF -----END PGP SIGNATURE-----