This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mantis-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 09:06:51 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum b09a8bb8f2218eab4f5717dbef6d36145cb130ea * md5sum f03e4ec1ad626afc9aefcd95c6ccba86 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlciAAoJEIXCXpWhbrlNNqcIAK05985qHcfYGMBGUV/O30r1 pikGo8IgrVt9w7psZ6S1Ah6HI6KgpPMGDhS7BWSiLJ8MXV2G6UMgXV/m+C3pK8yK b38pxfU9D2ytkX3k/2BUshfFPdkTiuoHw2GWh/DYWzNty5NF+8Z2TxTYEA/xVJBg ujiR/fNwg5U+r3qUKiXaAg8DNM0qzP2NVsWP/Cps+8DbzlFzfuLFf71asfk8dXFU 7FCq+C0KKhBUxiyKzRMtuTSzbsuHQpaBHGTTUtq04soF1Rl9jb+oNdym4EYBUyo5 0qqkfuc3PhIaaXXUjPrP5RH8bV7CL0NTLdSzIroE1Kh5VthI5mmBzE8VxW7Ob1Q= =feoO -----END PGP SIGNATURE-----