This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-core-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Sun Aug 19 17:11:41 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum d31f9ab412d4e07fe6382f4946df2614d0711d39 * md5sum 2d0e0522fa15c7bdd602804584c1c5c2 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQMR5DAAoJEIXCXpWhbrlN/P8IAJLntTjXntazGAL1cBkvzKXI i3VHcWDOGKHUnD9GAECPaTsrxjfs9Wys+DLjKuoVt9zr89zyayOFKMBZXKW3Upig UzhsaDoQaitsXMQYLxbLpVpThXB5kGMGMF+h7v/xXM2CCf48tdj9na/saTiG/Mlc gkBhJ+7aPKxK+3P9SvgP1/ph3UsNPb1xApUQgGCMnA7Zfha5G8j524Ohbv48TeiL L2g803jYzcH5Ru3jqoD/+//fKzIcw9K8WM0nasOj1PFp+NDBLdCiqaUq3lg79y1E LYWjrK8PPZ+3kS56drtc47kKS8z/qR+TDKlZShAPXLQhNBudLpUO9ok523hAw5E= =aBMp -----END PGP SIGNATURE-----