This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-pligg-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 23:19:06 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 84ad233963372a5bbfa4c5e1f26deb69ad7e14a3 * md5sum 9f499433b698e90704d42e93266a38a1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrnXdAAoJEIXCXpWhbrlNhvsH/3T21JbOp4rjZaYp9M+JayxO k2u7YTxurgXcYKbWSoDUz9zt9qVFci6L3eYCHx3ckvNTYpDbivKnpl6sBa/XEdwX XbVM1/S2230IiEUJ4MjazOmvjsiErYkXTpHtqTaQVaeMu/bvd4ZkbFCIQfocJPHX FslQjqKXln2Lg0CjQKdt0IfdrvB2ns9hmWVVpqYQol7FK7S2YNQp4avu427Jyer+ QYih6FxY8RRfOVbSj0rcpsQC48qAoluUjFzXUDDi5zzMftuk2RGKZJkvTbTysQ3Z owKbBRqRnou3lz3y/6Jw4f3N3pa8iZlZBXe+iImB1dRNHgE9DStlUI8hHeXd2Co= =utPH -----END PGP SIGNATURE-----