This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-otrs-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 09:31:53 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 75b547c10d349077f853b8d1823e836911558bf7 * md5sum f22ac173c1d0404d2888a81863d31096 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlz/AAoJEIXCXpWhbrlN3x4H/jBa/HAR0Pd6px0OLYIoZWNS 4PjRkpjJKz4wKwgUfb345eNjfWj2PTKjN6Jv5jkPdw45Hujx5vXNkkxCLA5YUzic qdTwL5pWgUi0mON3VQzMaa8mJY6ZjGwdHP/q6WRRLA677fPLATwD/uUaE/l6py9G R6VIRXCxW34fUASx7FH3+qe5dKcWqgxzSJxUInflksJC3kDbGqoSymoIEpJDZTlH fxIlTiLdGxZ/4WZC48oOztTCpBtscWnYiZQmKpw5GXlOElU5zYF7u1sUPXxehkWV txVyoHJ+/l/nlG6+g3Jqbnh8Pl1z6YN+RKl3MVonwAyR6ywN8X/J8BRnNvL5tec= =jnH0 -----END PGP SIGNATURE-----