This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-rails-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 18:24:59 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 6ccd1ae7eb1f85a7e7701319ce3e1d6e116af94c * md5sum 0d64d3b06141442a5a2e25de1b44ec00 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYhrAAoJEIXCXpWhbrlNf9cIALjwVAwCpk6f92TiXQABCuy6 +eNO8GTlKGCfAfi2zo7SVI2tKJMAXT38jA1pfZh2u1E1hDUPcDutL4eVaAI6bT47 sfW+0XkvxCDx/HHzJNR5OaslSvnbc4uVOjtlKZx2IAJiDF1/gMeXtgl71qiCB4rS L/eneD+akfH7SJksI6KDEsPJOWRKuAh+ht8osCj+y8zBXnqljEJhoy4Nbq12/fvh plRN5TgXsiw4jhX1zPwAxmWu9ld7SmE9YsHB+oD+OWbw22bz5I8KLo8WysCPEzN4 sBc10Lj4JFu5gD/uqhhduQW9CejZQcgel70Y3olD67ed5Lh04GSmHJW5bgSJgA4= =+ZOD -----END PGP SIGNATURE-----