This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-openldap-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 22:29:49 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ed581dbb45f677800a65da88af2c08703b882f8b * md5sum 12fa6cd1f13c6ef98c8341593539cae3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmpRAAoJEIXCXpWhbrlN8gcIAJYMoz19ag6p9aVfSFPpDMPl ryafPvV3BoVai5uUyB9KdSYdyGWAFd8lJVt+kRK5/Wit5gofoi51gkOcV32oNxX6 DJFRfUsZYLIFqsnIc/lF14axnpYIE3oujKsI63FVwSPYBBHHEZwwERy9Qt8oC2Ih WRbJykeZ4aLKBo7OTeN+QN/9PBU092ML0xqtC5Q940UqfSexsoRkLNjgV/tWfsi8 43aArIFyeTxs7vZyWMePlorLRnGv85EfSTCJgnk9+1fRr7b1adOrXvrVFPW39d89 55RE6dYFNnWBle3iYa/YlVm0VIljHrKOF4BXer+g92DPS5yQCgniswzFHd3bnNU= =Agq9 -----END PGP SIGNATURE-----