This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-revision-control-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 12:21:59 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 2ec125fe1290f9a33edab3c6332d1c7277b96bfd * md5sum 09d438898f9ea22dc4886e3d123641bb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM31cAAoJEIXCXpWhbrlNqqwIAIkmrie7N1t9kZ30Q0vfWtGn szCrKvG0lgeS2xGXEV7Fl4odEQyLhwskQqdSWniFIItWwENs+bLpYBKwqv87bRoc NaUgwwQDYTcg5DvEvQeQZfyEGDVGDVADilJ85Y53OmTGzQMvaIS5vjzXqk3xIZGT wrhRGXTg+w3cKFztGfzLglzcgh9NIozM6mzsS0sZ2DZHYvQ2HzgOyBwi4SWzdHMM k9cG7zaKzfVKoLX0nwSClsR6aL6dGo2f7n5WjK2hGE9bU9F0zMBmJCU8h+5hU77f UM7fiYCxfkp3W4gksbZE2SBtDwH+9rS61IMdkbQJB0qR/oxbPBUQ5hL5PfH8hAU= =gFFy -----END PGP SIGNATURE-----