This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-xoops-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 20:09:06 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4da599003ca71107a5a41ff14e37fd41abbe0f66 * md5sum 51fb8791cb5b711ad13fee6d5f1cf994 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXaDXAAoJEIXCXpWhbrlNUiIIAMoV9lKLHjY4S2PpPTC8RONE kAMeGX8obpNshYIG550VUSwWUgF/FOUJT/emdk9zHzYfapKK7wLYfYlO5BGMq4F+ 9oLp53rIHV/41OJVHESsn65K+RalcECBRj0HVRLfPynBOzVdhZ9sVk1I1GveN2+r k8OF5omVVJXSURb6vi10tt6IMCClBV5ezW/AZfXeHH6aUrXN8i2mMGxdlTS5zOW1 nhxmwVCY1iUXCLtKzpat7EbGR1uawUIuKArXtXLa+/P7uSi8QRkQwxBgbJG/7VO6 AZQR6nD2iwuF5ZPA5x5s991qtrNkCkllu0urMZuldODaaquKrL8sVOYfl7+i+Vw= =QKOi -----END PGP SIGNATURE-----