This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simpleinvoices-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 12:25:27 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum b824831d3548aa3ebdda50dfb9006852c44c592d * md5sum dd19be2b97950827db99d23b226f75f3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM34qAAoJEIXCXpWhbrlNrskH/Rhl7nJYDpOiQB5KBAjK7iAb 2p+rl6RSD6rDTD9ZX2GvxfwT8mLbuajKep1n0ph5n9moTEO8S6u9/olxhQpBpCLV ZJavki/g0jEBiW3MbOpjyQuauSpV6J2EBYVKKG7lY1mKTuTB7y7AZBGJNVZUEleX uVZwW5iJ67Yb4bKeZGzk0ExCQHUuNx0b1ndR5b2PSo9fDQJaQXl+3tVgkisPiUVD sTKNS2eiuAqFHDyUHKxe1Fp9LuerlOVgBa/1mKKRqrJ4jCMNJ2aeVvdeewiUZo70 NfDLrB/vqXjCY0g7nA2zq4hj+tOYgN81jGJXmVw201ebHZNd3LrCSUCQIwDcDbU= =0YPh -----END PGP SIGNATURE-----