This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-magento-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 21:50:47 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0fded9c0b8d94f016d59cb5cfe91f606fb338782 * md5sum b100f051c98ed41a0e288d8ba0ff544e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmEoAAoJEIXCXpWhbrlNF94H/iQ0ZamV8qODSCgBL7XOEXtS I7iDbikJqTUw0R7XlyC930aMZP1bdGXd97JOmYKryb8lWxpX3Q+tBq00Sfz5HU2Z Dza9ZSt+fRPNfQbjrJYuKhaTEGasDoTtB3j/4bMMv01zmWwbhPDIxzdriy366gAk 1EfESFlDyWFeTd3Ih9P7+EeZfslLL4u4m2pbxDUikY8hWPZA7PckpuDt/FtarFWM pkbwu3Dv26obzx/fWP2tSnoASLos2gtlbgaaCJMDICeyCIqEvQFy/yzF2rP/0ir7 KNHJd0678miflgMX9TkCYiW2lnoKxUWMCEiq128UwchF+tMaIJqOqasKstwYeQs= =mQ4O -----END PGP SIGNATURE-----