This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-domain-controller-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 20:35:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4e7ba3afaa6461c6d20e8409cfc04466b3839329 * md5sum 03b233b4eb80f9df4047dce64c146a98 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrk+RAAoJEIXCXpWhbrlNdA4IAOV7oLPyPQ5h2FHYBvTNotpM EVMWvNn6NylBky59vResNKFf8H+2cMImPI+aYPTHsHX3p2VWk+iQaI2cd9wSZdle xDSZccu0Qarr6GdOwjv1GOvx+YEL3Gyt6ioo2WUMOL0wTUh3KKlvlAmm1Zaxgxyn TRtPhmpKfAho1OaKX4E7LdBmAuUWw7Akeu6SwKKKpgbuFVdZ1NFNQb+d1oAUS0uW hCp7EbXpeyNlSfjyIrv0zpfZaJjst6qbMThivMG7TKzTHX3PbNti0bfGmthsBSWJ kps/CHOw6J4iSD1TOz9hcO16xF3zvWRxk6L1BASH7Nj5EgSlzh/ELniruZxWUlY= =T+zA -----END PGP SIGNATURE-----