This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-asp-net-apache-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 19:44:54 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 1f67c74c099f7eec9944712d0cd91cae3430db0a * md5sum 3d705312d30d60e6c0788ef727a9b1f6 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkOmAAoJEIXCXpWhbrlNv4IIAJZFZHqrekPpRTACvL4M47Jl g8ai+1rlvNrcj1tN32oJ6jULHl4uTfhu0ccBvt65vcY9izlHxA3aYT6kTQTmcEWI wMqpwX/ofdoimdf1R6IUi3VCqT6juepbYmBogUg/9nNZpjqq4QMD8DwbCrvjxvq+ sfa0xlbxTBe6EmHaxOgB+GHx57cY7/S2gtOzW//0xxt/cv3URfQOgnYM7915rQ0z OuFpD9VMskXZ8x0D9GihNMVMwvSN1Gf5nxo28gotK82oywQLPTqjDbldpXEQIKQQ AWzFjbH+ssFliM9+6VEm1sIP50P73kLka8+vjnvVbn+BT7c1Wjztv/QgDmdF5+o= =g04M -----END PGP SIGNATURE-----