This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla15-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 13:38:45 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 65d4f3c7f8ab01240514ff94b08ff09e4e8fb290 * md5sum 382210d689961380442b65c91e1aac1e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRre3cAAoJEIXCXpWhbrlNHNUIAOQ9nlgwgskM/0S7708OSFyf KJ0nbwJCDmPUYT1tSsxLUO4q8drha20ZCheD/toaFWwrkI5T8hxrMINa8+1+hYg7 8V00lCZpf1jyUn8oCssITBM1gqtWzTpmyv2BfcvDrQqter+ObqQvixMlGE+3Dm5M SCcdvNhkKMzhMjN2uGL9MEftFDB1rd7KsN+a0xTPoMmooqlBJq4zmECNj9XEKmgw Br/NWidi/HPlEHF6Zihe3sefXdGz5z1OnnVvn35I43KWJfcf+E9RNs/PBMG7sTzC sXruEA6YWtyyXDTehWx8mC243SLKl0N3/wFoqna80zQUDi7HCHnS+ENYrLkJIf0= =Ho+V -----END PGP SIGNATURE-----