This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mambo-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 08:50:36 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 8f73a9d0995b1ca91587b0399dd300c2f6a702e9 * md5sum 7dc44c77f0d935400a9c16553d31f9c2 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlNTAAoJEIXCXpWhbrlNLBQIAMOFhETgjDNM7847Xxsng9m8 2u8zkb96LT+kq4PaRopmCBQWAt+oT9GOvuBHQ155xl5LOGxPP1nkXa9Wwo8kyuj9 vQyKYsxlQUQrwUG4Zhnb9ZE4JMLl/TFx8iYhOVzHzn1+j/LmbcBdPAtIXk+OvXHG y9kAXNfRbkKAs6UUFFjf9+uy4+kQIkRz6Pf1ID4R4VyKwrbdWSxdS9tlCJOc3sxt B6yNV5EBxOqaP4M8ilCIGbsjLBN4xQYq7Hb48avHMSv1ujZUNRV5mbM2Gu+aPqz6 cQ9mHszmSw4ljMyaBnEgEelDzMpqs6twHXWvotQ7dMcsxBNM/77AsJW9VBdVwv0= =HOEm -----END PGP SIGNATURE-----