This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla25-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 21:16:46 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 74f4600a681e584a2d177a7f249fba67f4c22d58 * md5sum 94173b32cae67f6caefbbcd33a7a2aac You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlkwAAoJEIXCXpWhbrlNc4kH/1wLSnzp5mD1cQHXSuRIpNH/ r8w9//lOrtHY6t3joGFtqAUeMYdR9KJ16t//IoojszTPxsZI7LsoKm5n8ev3NA4P x3Sv3Kws8dZZuZjsTp2yMldfGg0fWQSkgdkCrlF0TlwojhORrSG70mlYArTFo7R1 FMxoIkKVSpzjaOT1bk883/HWpxNxXROd9YBMyCKQ/IvkqWYsNb/DiooAeM9bHrjl 7DepWZy5YsQPqKEgM4Pv87aMBFwUVj8h64f6X7CxYnF341O1LhqsgUoda7kM+09V 21BQA9+co3CLL/Tdk8KsMNuN4rTo18U022p8o4AQka8FELSiIoaRFywki1mtyxY= =p7MO -----END PGP SIGNATURE-----