This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ezpublish-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 15:56:15 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9786087a14cb29ce99aaae50d037e31a5c64338d * md5sum ef55d82f91d041b69320060b7a5570a1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWWRAAoJEIXCXpWhbrlNLxUH/jdMCIrp4ImnMBAWUWe2z7p9 hzCPsXl1PJjD80f+NGZovbQO4tm/SRBVgDOL70RrxWGQmG0tYzYDL2VqJz2QiPxG dyNXTa/XaTjs/8xEsYw+fIqZqI1frDAVwMPZFcozyg39L6+M3S8Lrv0GtXd0tQtU h6CBN+Z7ao3J+bg7Ac8eZ1/StqYrA6isp5hdE4l9G2Kms5PCRHLcF/a9H0kB6YXL oWxDGHrSA0US1iPgT8a8uz4Sf1Foma6cwY5fnCoNwDVc6JJpv26Td/tfGlGMKwTF Yiz+htc2EZMYaCK/L+yTXybRd/Gu8JwXcq3Onui0s+t4sCVuWiM8n3TdGOZ/7I4= =v0xM -----END PGP SIGNATURE-----