This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-processmaker-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 23:22:49 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d2eb3dfaf74618715b967de3674c7390f2742c85 * md5sum 82910f005a0504a71c3e27094b151dd0 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrna7AAoJEIXCXpWhbrlNRmIH/0qrIPR0gnYhekt6YATrJYpI 6LObP6lxNfowzLWf9RMG9HIqLBsBR6QpHW4sE0ii0g1YRzXfm40NprNdP5+697CW 6LcZCBlToilZdOem5aDqBR1ZN+UIhsWkS/ap/5kOCwDaqzcV7x+SDOb16Wkk6qUu r160y8rfigbeG9KXNFU28vbd8AFX+18RAe3/Dw9Oh+yRir/FD6s1QvgoEro74HYs hxZmsMydKd7j1cUQHOWLGYb3hDM4Bz4gzUYFJIIYmCq++Is6PNX7bFeHFYuVrDsW Fid4KlV5oqGMlIvALY9UNyjOMQAmbVZrjMO80Yl4Y7oE14q70hnu5P9OzCnFx68= =K4F5 -----END PGP SIGNATURE-----