This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-otrs-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 12:08:23 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 1fac3627d66edda22f3c894eae8b58abdfe0adee * md5sum 32060e371ba3490047120bc3575a0d37 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3orAAoJEIXCXpWhbrlNNgQH/0y14dYCb+1H0pwGQZnqmwep 5nNiDHB4FqIHlAUxI54pxYCRcS+Xlpf5HuiHo11mG6VjuCzLJe4Rcx6nsBCqjQIt bNmrnpYFqTLc38WtemovRYPO2BmtBD2FGWqNvxMOav4rkGt1BzR2HQxkEwiQQ+z3 6Yqt/9s/kTcwl2CLJW9NcEshFkjacheMRtbO5xaaZSXAWVGyS8Q6Uawn7QL2K6JU sdppIpuh6xRuk9Ul5pEYXtCX57EhcSCOC2mOm3RkHekkmusloEdL9w0Dk2CMJGHA QxMBa60Z1f0YWSO/eyd56CLharlpZTEiGwpMIx1iGU5gK0rkFdmaTEXfsqzANe4= =191G -----END PGP SIGNATURE-----