This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-b2evolution-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 11:29:03 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum a39505f0ecde29344eac5e7121299b4f3dfbe82b * md5sum ea56ac7a0ae7f6b3a2d1d1e54752c195 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3DxAAoJEIXCXpWhbrlNiy8H/1xV0FgfoL/qU0t/bIDTTbWm Bwomygbn/Ny//FnLTNiQngYWdRNPNzo+pYFEPh74V5BQXZK9jmf2m9mmkIWrVE96 1VzwipMATo/o4CgtlI1/FKkrn/zrsdcR8aPAqjt3yYsm/8jku01ZhlmOOAW2ozlN l18hY24imiSpl5IhEc1OP8Blb265AsvKFLSrpBGJc/+OS1MAy4Tr0eplSePchh6S VViP+wWWp5ogqDeSmlYCWOel7l2F85w308UYjCthBsGwMrgw6KEA7ylxtLeUxfx9 VZFL3/sJP3iw/XSX4aNahjXClqakcA8GS7/9UsSHu8f7atg2t0Ft4d6z+C6NY4I= =XTGq -----END PGP SIGNATURE-----