This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-otrs-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 22:52:08 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum a94df452189ff3dda071fa36de4a7c914b999819 * md5sum 3628ae602f67752e4401b3282580add5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrm+NAAoJEIXCXpWhbrlNlQYIAM0gVrZ8KZJmcpYQEQE1IfXj AggCZhdVK7mzi5nZY8/e0HOKTh0W3kasURqjfOoFzAjx2r5+KpCT9j2n70FIJCe5 z43XUSb/nTV+6xs2IWjZFL/GaBvAp63FdDOgo2wqzADVskve9OxX9UvUKQAw55Um FkJv2MzGhx8+x+AZUyWqlAzigi4tyE7TUi5IlfAAQMILP93paKExAGPzRLC7xksq zfSJqum5kwM3Zi+xAFxq0GGdjMbP1GV9L8Eskkn6RAvgj+umfUlscZeFe1JlDoxM 9u/IPIMdPtWejxAwFHNFtIu6wvVxhxyymLtSNsK+UpBeMFJPjb+pJoFakmcllo4= =eG/o -----END PGP SIGNATURE-----