This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tkldev-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 19:25:57 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5c97ccfee112629ed21f04c6c53e30f2b86df86a * md5sum 525545aedb443e60fc3e5a988a9f5f1a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXZa8AAoJEIXCXpWhbrlN8OkIAOqy13IrzKTduAF4mElnOqJj z34v0CnrQBFkxj3/46vINbG09q2lz8+m6IdpKtT6u8LPYe2BS/4HDVzp+vR9zU/8 U339iwBXJRuabnPs/irWB7xSiwFJEb7oawDEsk7RvxYmnR2eE3zDOXuufAdFKz8a yypfr+wV/t/dobHQbpOG1uy0vhNKyMwCiN+yDhZx9h6FceM50iHQtGpWkXXpY1on YSqxeQrSfnxB3XWwSK9DD142SBXEK36J+8ZtkDBDlwPxWvww+/4QzFdFS2toLfd5 qCNcdMMV/kYyq3Oq467QDgwKeAXyD+ntvkRNojOj8pN7lceTL+QiU/tnvACvaOU= =M/PT -----END PGP SIGNATURE-----