This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-projectpier-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 23:25:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9a241609e40bb5d00757ee1e55743138ffad9a9d * md5sum 564781eb99d46dceb7a27f9bfbb3bfd9 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrndoAAoJEIXCXpWhbrlNTZ8IALGKTP0gW+pOvZjTnP1Usq8W Y7Al/ntmNVuwTrE8sTkGUK/syu7LG2ooJfT+g/bUvIMs/uc+T4Jw6mTtexp9c8Oa O9X/c1Cy7GHMB+8/3UBgh3RC0GRGyAj53OF6gO00hqRvc1S8TlgEuh89N+c02QxG YPRdmGwvcYra4Ksy5+yH1MFX0t9ionL80abZ0Zlkmj+r70M+5lHtJwnwPl8NBDup XMGl6FBnri7AuAZr2EHmm4XMP17aiydK6BL+E/0WzzLYQ6bbo3dFmG8ESsX225Yn IAy5ZIYiwSkAERa4T7MJanwLpj/n/FXTGs6tDwfA3Q9LisjpgVYmUnwxdZ197H8= =zPXr -----END PGP SIGNATURE-----