This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-concrete5-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 20:18:40 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum a9eac24e681e3cf424b3ea5042d1f6dd60ec0ce7 * md5sum 391c86abdfc4831e6185e6ad8238246d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkuTAAoJEIXCXpWhbrlNxsYIALBQbg28N4dwT4P/Zyzt66wo Nc9Q+ZOHhPWFs1bza7c9yy1A2y9jzyrG/rKZv4HvVXtiZkrc290wgZIZjxZyGv/U drRggqVVoT8euaahPZGk43BrilzCGSGFuoMfgu0fIqDhBdRdxPlv9mXBAbjOgmYj Tko/4rHgPjK9jAwHyjfljZmBgsiIJ5vnu1sOxQWyMEOQzBX4GoftwW32fTSq8LxZ X8vDuV5Qzkle5d+MpRBqxSiXqKllXbigtHvYMiJkQaJnN7XvaZbzkl/lkKh4y9BP qIKLt3YIPiNF9Id2Mi5jH1VNq9lVx0jD8c64GHEvW8NRYZBQvv8eejOjNRR0F9M= =sM5r -----END PGP SIGNATURE-----