This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-openldap-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 17:18:52 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c1d0d058690e715ec9bd61ddd6543a24f5750cbb * md5sum bdf0f2ed43049fbf5a8f2b374b3ff8d7 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXXjzAAoJEIXCXpWhbrlNG70H/3p/606hrXnUvUv/SYD1A0YL 8qFawMqqsYOB6WQn/7rYJSbgZ4vPr/WUX3rcaD6HRAuFu7F21yiiQEppnbaPYuXo Q8SwJqE+X/Q6NSgeZIQoluxhjuLJmyOJoxvbY+Hpr+LQAlIU/sxnn9bvkiKpGQEj HrE02mgWisrmHJj25ogJz/3VYBi1pVqtUVqrq6Km/aYXIn9SR6qWlcWQOGd+tVFK rUoxDS6tBx2Xrvy2iLrAiOFA+71ZdIjvhPEnZpSaMZ3oyamdPqyiEKL4PGvuhugv wpvaHbfr01S+QRN9Rk87Wrs6OVJsgNeWjhPcyiM5wyWwSeuW+wDrk7YKinqIlUw= =m/A3 -----END PGP SIGNATURE-----