This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla15-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 21:15:18 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7075be3b61cfc0b9d649d8c1f705f2b997549348 * md5sum f74ce4eddb46ea9fcd29242bd0252b13 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrljbAAoJEIXCXpWhbrlNy2QH/R1r5lxDSaG6SyORzbUs9ERu UjEW3BSHiOTu5X5m21eJu2yXor0iaCCUxHWysKlNYazwqCgaaGBM9kihHyWBzLFk A2TvQG6Y3e5KecT1Mg04LVvtw1lGqzehlsOQDl5PAGt5J13uao3D2iidfFWL7sWY 3Tu1tIVusF0VC0bQ6poYy7ZwxrPamd4RdNqqlIObtScaw6G3FddVXpBZLGfz+qrz EnqoOyfC/YfhLoebTYz7RVUvGf9+DogbB4JxHwDt2GZR+S59+KRyI7kgeMmch9ni 5XXB5xc7YRuXDGPwG2LzVTl8RA5hG7X4++a1XY2DBKBXROkPp5MjwJNNA7Sni2I= =nHEe -----END PGP SIGNATURE-----