This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-concrete5-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 12:47:56 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0f7900f277ba009d1fa43b0c70a0bf9740d95c58 * md5sum 15244505086afb9f15768413d6b0b841 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRreH0AAoJEIXCXpWhbrlNG0MH/jOEJYxaYSbcnPaQpvlDDGOa nLAyCQVDrsCjr/cWum7cN60fo6OdqLaOo8gZKCvyxpkHbiWUBe/dhiA5Za+ONQSQ +TQJVDUyEfZejm8fj5NcW6QRPZQww5q1SG5eNfe5WBaRBJgHh8znTM7R4XiNidvu fVhmVe45mf68Sm8eQRcZeJaGRV43/hAW8YFzcCBaOY1pxVzf5cr63o40Y3LV2eQ/ kCIpGBXYIVU+qRMmYSBIK95nT7iHjZFAxxMeWMbvYcXXXPr4JZHiz7Nw3jWHPyGS eXO9UfBtbQRVzWFYKJ4487447Duvs4hcDx7zf1k9WmqpkT0+ACl4X43O89l3dDw= =3gm0 -----END PGP SIGNATURE-----