This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mantis-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 21:57:50 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c96b972cf019b312a48079750b6b443bdbca8d6e * md5sum f4b92fab95ce0f6081fe818355033cba You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmLRAAoJEIXCXpWhbrlNKJMIAOc/a8/eP382RBVzZ5bMKeGw EAMYLDWTR7C1piI4Y7/8EeYJrrqVOTNfK6vJloxYODh/jflUgVVMvMoWKLW/Sc5y 6aifVRvnmkxi/j8YIozllPcKRKu2gRMkM3FxyrytWbfFyX2C1743agmdVWOXVSP9 SwnalJQitLp2f3yjpYQDgq9++EVvDAyG3kxG8Md1y/Ip0qqHYLfZJdP+/PMkq3TI QZe3HkCpJ1CyL//GbmkL71KWiqr+eGpEZ2VupB18iKgABDh1jmTXcuwFaQ4BLCNv hyvl+KrrMeAeHHAcOVox+hARtL/oeg6zAIC9Gyhu1ziQ7CW2G0VbELXQWyp0uWQ= =X+Ar -----END PGP SIGNATURE-----