This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-oscommerce-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 17:33:00 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c2229ba6ffdb6227507006547aef9e631572459a * md5sum 42e4e173740b2e4e4b09b4424cb60bed You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXXxAAAoJEIXCXpWhbrlNIjgH/iqbr+D+EFDBOM3Sqs67UgUp Ke/TLp3XwBEUZzX4oeWYrl4QrOZ5QWesJIYHvCwX9rnYVhwZavaHEAhg2pYpOn81 xXmKLTZXG70XELByf/2BaNyXgdtEzf3bUJyT3u7Y2YUZMNVQ3XG+OfU5ANNB5Fb8 GX4IaRznb5fOhWZ2JLuvFAPw62mdYtaQt2tNqxwfYJaIG7tSQS4uQFBZYxWoNtmC YFKkA3SEK6fYnRA1KEWsfUCYHEIffjAYANlcg/YCcbNzn1WVB21Pm2L+XhqA1ir2 rbph8PRl3PnDfS4+R6EQ3ikhVGVryhTzNrbr0EYRC0m2fnKeiej/PdiTgV2BC2s= =IBOm -----END PGP SIGNATURE-----