This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-gitlab-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 16:08:04 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum fea5ceddced1e39b61415e5b2de4855db7df6e06 * md5sum 026ad3bf1300d711a6f1d958571abb26 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWhSAAoJEIXCXpWhbrlNYmkH/2MCedY5CMkhzSzLozktCK+H 7LwEyXKrRjKkHiQMErBcFlPq+yoh3tsQfyQw1ChGSo14gc4X4nuK2p6zqHnHOEIm pHn1rdxvxFWXjXHsxons1ImS1zzePZbZh8wB2bsjjLMLM5mqQVKgThm6+iaXGBfl 1dUSNrG7niDGKeCZhCZmMi6c0y759KX3zqnU6xiJOT5/67asAGDs7h/k7bFMdpW1 ixc0ooK/gKm6PPnEhtogbg0LSmFZle8pPSQp1G9s3ieAJbVQd5HS0qEm3dSoWmxs ITXmIxRN2Sq2TB4OCpjajjRimQRblvd+zq25tQbidPo2fK171tUAq4g+ClHrSjo= =QZec -----END PGP SIGNATURE-----