This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-xoops-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 17:06:52 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7a6051f81a1c3098b27589714bc9e7e881741b9b * md5sum 83892b56711eed993dc3b7a3662e85c5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrh6kAAoJEIXCXpWhbrlN+uwIAKxxqTqGfoWHLp2YeKq/jYIm BDdFzYlXvn/8AOGcGKnJVGGpBarI1v0b6Z7kwY2QrySayKqNqaGvk1EhAQlqb+ws phYPWuyj3tigfzQ48p/PspgV+6K2z7DBsP7yHZvSrHe9rBWsdGBjSwu8cchFSR2c GYSbM1VNQcJ30l9MBsg7nVZGJ0TeA2eEaOK4/4CXVwFNrYNLLr7J3GwOs7Sfy5V5 Lo2lLuIWN8flI2UTWC2ekWG4C7M2iXDJXMT0G9JxIhL7XBlX5v0qyvT4mFEhtQh5 wZPni1uKlmebNwsJDY+NO47YD5QXr6lD/wuGk4SEM5Eu1uJt0IqwC/sEuSWshro= =89Rm -----END PGP SIGNATURE-----