This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-gallery-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 08:44:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0dfc61864ef7fe64bd698cf8159ec4db62e451c6 * md5sum 195b487a62a9d89677fb6bc6cf4f66af You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlHwAAoJEIXCXpWhbrlNYf4H+gNH3RtTY38OnL5vMteZAdwP 8YXUptYyPreYe/8d7XzEx/PHxbcS4dkeIpzGzmYPbEoGwG++c1NKXQpdHci+vNnN HiMz6l1aX5zRrYT4cIflBwzz9jv9a503lbRGI/DnrqLR2JoB7LaRdxKcjD/thDzR SMy3kahivK68aE5Fe0VEPI72vhXtkhPiW5I9s9uVQ3Sxu96R7hO6PTkTKn66wfNv VIazEo5XAL7ONRab5qYbMYTKdbLBWZtQul+j8pPwllWuA9mPr6v3w/99UP6P4NL5 7okv8oVcb3IWn30DHl/aZgmd2Gh6dTMm9g2TGx2LTDw9wsOcBaoBfNuwEkxIQgk= =YL5g -----END PGP SIGNATURE-----