This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-punbb-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 09:53:57 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 18fe09b5aa433adfa9dc82bb7d8af0f8bcc2d5ca * md5sum a597f5fb7d2292a5df7cf100e9b0bd3c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmIrAAoJEIXCXpWhbrlN6GwH/RyeKIxqfKomap0oDydvBLzM eIile02Nbnv1OIaD+12VOoHFCLqeEP7NR7VTzfGOxx0wF4D9gq6AiUs4hb1bU6uM 3CYkDn3TcMFTDmVuJjFUcR7VSLPD26PEFvtrSYPmyYBBqplyKGAPna2Lust2BWEO ufFohMJWirlIYAygz3A13rZsqbY55Dc9fiLiUecPbExRDz5VGlwOXceiRNPqubIs 54DOQRoy3m3YPnpIEX3KGqlS6VTckd5ELo+v9awJdlsfjtmTngLm24FFMl8ImxvE T8oPnxMqMCTpX9ll9+WdyUSy5XTd4o9tk/rnLB4qCgPEmI9kyizGGYb3ic2K16c= =hHFC -----END PGP SIGNATURE-----