This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lamp-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 16:14:52 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 66faa9a0a730f1346fbeb1156980cf3f531132bf * md5sum 7ae9ff719ba2a8fc0f4c1881bc3068c9 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWnyAAoJEIXCXpWhbrlNbpEIAOAY7tMME3EhTOHpf8BlmxZv wd1nW2ZSbpTnwjp1yh6KFZ3SEiR0Z5f0hac2IrNXPyUDuv1tZ2Slaf8gx1t808VG 4PhBabaRPWCLuifKAPQFfR0Muzlkst6YZF3/oy/cKntMbJ4QGZlqOBju2z5evP9z hvpULLU98A8GFhwCcHwrqGrTuKuOjeNHdMFf5ocN1GwkI2paf2g0612D298Gfjaw KwmoBLalCrVbrsZtetOKQXoG2CFEkO3g9OKx28ph05O6/KDN0FU3BXZmABpMUYvJ BOKBgEHPjqc5cW1cIhCZNPQNWjfedfHV2vmSzi7oMMUCxuipVzsQKAobN+R5bCw= =0DM8 -----END PGP SIGNATURE-----