This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-xoops-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 10:43:08 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum fa3e255060a2c66e8391340b8cc3e31cc795777e * md5sum c766b3194883e0e30fe59d7b73ca0295 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXm2yAAoJEIXCXpWhbrlNHRsIAIKY1HMuDhshfemoMFyTRnIr 4XEkU+VuxYbL+XaULxuJu58ohdmHUjxX1dFipgsabM7kj+hKSAWQn7lJrz4ZDc9w NFpsCBUf5Uhyoe38+TiRBXpUbRU8lhHVx6xHd/sh5wudVhUi15M6XavdlO/i3l5t Ubt2vkW/HINMxca4aHI/aJje64DBDDk+zIYL2v5Lsg0ZAKMBHnaVopBrS0ji2wvc pVsC5FIk2G7yYiX57pxbl/Ohr1Xyntn6nrht2Y/YFkE3631v3KZGIasF5IxoqDty G3SCa0eL8uQ5HH+oVp3pXq080BSEshOtxxY6VgvPdgrIneUwegKt+nhtbDMr6Gc= =YDaT -----END PGP SIGNATURE-----