This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simpleinvoices-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 15:56:03 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 71f4e712423d3a23bda552e938c2b4df8fe02dc2 * md5sum f63c4493ed45e01a7f3c5b2c9fcea46e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrg4KAAoJEIXCXpWhbrlNRzkH/i3BeJm1XoYNnIfoGof0k2hR TGNBra5XtwhesEWEuucJ0xvxdDZ92v1GlLLZV9DPysY+KcR+gSeWfjWy3VPdXnCl B3c01lmrnA54p5WleQNyhkDk24BtINZch35Rrzzn2S0qNhQ1uBmj0hzA5A0mebUo kv1SwywXXOMqgqseuv5qfT3h7UWV8qVMGfqZcfZUvr2e8l5ucJ8rR+eCytbVbiFU ZcFEPDqnDOXgz90WfcskdSEhnoVirehFNJHR/FYFIy4vnTbkkudkwal9w4UFhV+s z6Sc0PX7z73qb+XRt5lLzDEYNgAGqGtCJ4Rz1S8MozKCwbM8ofTCu20viIQi0M4= =KR3p -----END PGP SIGNATURE-----