This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-openldap-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 09:22:53 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 33a9e2690f379ecbf7054b6a56b1fe122f60823a * md5sum e2d6eb0bcc7eb7e145f0801daaafd237 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlrmAAoJEIXCXpWhbrlNjkcH/2J9EUIKyVv+dUfhoH9qNcmQ sO4uA3zApsB94vZuUUymnipS803k7SU7Ke35SsGhJ1deP1XSvsI4ZP30PlLexVe4 MhKkfdT8JBxhlfbX2QCR+M4ifS+clbe2GeiZKx81RBDmTmsedfU0zcz8APokLvqb GsPKDr6RCxocPN0P6ruGqk8pJVe6Dd5N7wVoAIIaTmCCwi6IjoVXehL4eHVK4HVL VcyNi8Fx8anVuSWHiafBGOlxBDzYge+YhbKCvoiufDg2gz7b9LfYOz/HJqflsjFR zs/RJF4zTVB384uoXNjWbJd22GxgIbu6uG0h4ZFFmhEQZ6Si49h4p+PPmPjXkBk= =Qznj -----END PGP SIGNATURE-----