This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-revision-control-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 23:51:23 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0c90e66b2c8a044e49ea6b52efb472198efcd77f * md5sum 22b596b0b36854fc7b98815615c52749 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrn1uAAoJEIXCXpWhbrlN3LMIAJK00I7zN2DDYMkWuRHNYhOl mECXnmAsM1xRb6PUKC2W9B7j+g76vw5XMR2i0c31WP96nm+8qoOWT/5BuhxNDB8v POEdvJU+22f/lheR+nSbtWO5emvt32Ci8xGnqTBOSktZYn0HF6GsNNj25ypELxNv 40DFt05DlwTYlxKBh4o59Jxy9Si1nBjPlJZqicLDMo3keKgY3Zv5bNR519/gIyEd Sp1L2b8rNLs2gbCZ0+rJB4oltN4AOIPwf2qd6+ZHkjaTDtEftIatXag3K83aTczM RRWKlK6q1HTsmRg9sQFDBMU1s1/MLa/+kBiDU5TtJKpSsslAdcJfMZqZboe1lfs= =/VpB -----END PGP SIGNATURE-----