This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-redmine-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 18:27:40 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9b4fb54a886f33be177463acfaf0cfe51fe4f9a2 * md5sum 997760d8fb345d8c701d8ca773900258 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYkJAAoJEIXCXpWhbrlNFdIIAIZ4BVAIuh6jsPjoCVkHp2EY h7p1eusFN1Bhz/rgEPOyMaS+MoFmUVDMFpUFb6Fe85LPJI9TdW85s3vhyZ9Xvzxu g/WAIVFfG0ctOesM1Ch0AwrvbraKxWyb9FBluMmvS6EzovWPn9MVYNcWFpM+aUAB rvNzvhOWh0PFZIhv04Tx31AgCdeOwm+qnWIRRTrX3VP/PsoS4UuVxmMguRga5q50 WthUUQwlehvIbd4tlomcz1Lr+JGbVVEFnDFt1r1Rj88W+C+bPxxxyg/fgZWyAq30 PIAQtpgi25Jf/S6Eby7voyChA7UeYhwOku9Fs28ZSSzrtj0EzyvLodBd1R5PJXI= =CkOY -----END PGP SIGNATURE-----