This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-b2evolution-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 19:46:16 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 02d5a33b27b1d6da19ea6eb8166f03b8053edd05 * md5sum f178a3b24c89b1f8e3ec5fa24ac8afb3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkP5AAoJEIXCXpWhbrlNFyoIAInWZP67cRPn1mTua04CdDjF HMCiTYrfZ88dkquCphJbQkEDvr5MlxApZf+aXdWH9SIwcrt1BAbQRtoN/hUflb8J oPDB79dOx2v87Otq68f+N7izT0HWQhdybth4VhvWrH7VpblAF2TBjvOa88E1mvzY WGUvy5D9UvAes6EJPY/MynQhChvUtKYQxjok555D1cQHWEVMtVjAdX+Uqr6GklgH hHn2NsWVbhNE6agcvQ1tz/TiJARIcNTDGAMJZ4RVCb1gHLeUtKSxkDbdCtjCYh7w s4aSr9qah5evqCCU8PA5/qplLX549qgD4YlGP5+2qBa8hXi4ozcUXb5v+Tbq51s= =ktQu -----END PGP SIGNATURE-----