This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-osqa-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 12:07:21 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 19ace89a1b651608f1a25defe9edfdd883d903ea * md5sum cee8a95d77c33e454ad1d4ed13ee918f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3nuAAoJEIXCXpWhbrlNLC8H/3rHLESAofYVZKJYgnAfDGeR 4EBQtK+ldcWmHa9ESsyySSPWLtcMc2mU66rAQUZP7GnCcJZMUvtdEbIqwxPucu+p 53HuVdDWiTHq5WK70+9aAOWm+fqY3ntpF6WoAZLeq9J4nNvWTvFFE/clUDrajSnT W86/mrAKQ0e16Lp4PvdbHyMhDRZoXQ1RLF4SAPXcyIbjqJ8QNNWhLVvrqQImSdOl 398zliqRZlM3gOntdMypGUb6Cn9RT3vv52dwduHzSfBKHEkgLr+BqYCpR+NL0NY4 D6+Qt6S866LloaCcbSiCiZhkIaR2f+/YQ6oNfA8iJW41H+A+i4tchI6CJ4hWZ/Q= =rBkl -----END PGP SIGNATURE-----