This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-plone-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 09:51:21 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4d2983eda2bd22b24e6967e4c4f94d3c337be885 * md5sum e8eb5c2431854e2db19891beda6c3dfb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmGOAAoJEIXCXpWhbrlNx7IH/ikGi3volfTWk7o3RjCp27Dx cxo8wETxL2PS2YLE7TD/RNaXY/XLe9PBMgVkhh+nTnHySaO2bVJIJtLbP0eC/Qgi dTqSv4Esi6PRwbZUiH8u2ZedzPlsWZ/SyyObd/2ZeD5kdXEPnf6kZfGHQZCmyZq4 zCftlHgBRPY+LTPlmQa5MMc27jEctO01WlNtXPYEqqWYeskLP0zAu1C4JAzYpRG6 /Bq4fv8zWfrAJxMHQNJyKXnTheE6fDT6HKZEtYXjBZS6tDNQhhawrPfvaDBundal jajqXVvjUnvfdaEbgQUjz9ztzl68FwA/W6Eu9tI6Ec1eCCxtq3Wi68kAZEC2Syk= =lAcJ -----END PGP SIGNATURE-----