This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tracks-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Wed Jun 5 00:50:25 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum bc2a82a8bba2562ba39a2b5f7776341ae1dd2b37 * md5sum 9be7a313f57311f91a9b7dc92a9e83dd You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrotAAAoJEIXCXpWhbrlNaXkH/jxVCppSX6mtU3kFU3frggeO jJI3TTDu8s61wQsgdwD5YnPk/NyalhgZdAPZl6dCoWFDbClPR9tkBjI6tMcQGRLK 2K/g8NSDRUnAzBR+WD9KshYNE24AKuB+ghn8hP3+P1Z0+ZXZqxKQqFabshjf2s60 zgGTXCEteF0qARVhcDM3xrUBs0K2MX1inOeZ7J2ZsCVDDqrGGWJBJpqfnOoZ3mkg zYkeaYzAREQCya0QJLAFt2MMKoDS2W7XKNukd4bfgJ2cDs/Fh2/F6ZSth3LIg47i rhRNnbdujo+Y8n+Zo4b73/RobpclyFNW9LDow+rvGyA1LqefzNOXX54U+ZyvxW4= =IW+d -----END PGP SIGNATURE-----