This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-statusnet-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Wed Jun 5 00:19:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 427d97ee3f2e8a8f25da9f68b202e0aeff60f815 * md5sum 2b29052c1bc73bf2386788564ad582bd You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRroP/AAoJEIXCXpWhbrlNoRsH/1xP5EkuQyqT4EeMr9FvbYLx mWJpL8s6FxrWRn2BlBTfJ8v5DeJGEWkhJGSNJP9B2NweyWyOdSL7jg28qUjyOOR+ GLUv5EJpuwWUkaLvzpQzdNk93bLrvaw9AapS5C3iJmKBlMiZ/QPX+WBWRvubnqS/ m7HDjEezMsBHJ10sOl5g1jXdvnIrpV62OGhrwg8TpW9Cm6bYhOlG67WeO/oV/4jK pLw0gYpOq+7NlTVMGanfLMXqcWwSGdllt6OV/Cuw0XfAIcwAd7DryjL0YxJKUNFw lIehrYElB3d9QtZpy+uwLmZNrtaUbnJI5nR+JRBgN85Bu52TdQUgohPl1KZcdoA= =aoAm -----END PGP SIGNATURE-----