This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-roundup-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 15:48:37 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4a21b4ec03b6efae8629fe7785a96ca63294d7dd * md5sum 4496ac59ad2bd42b345d74c8678b96e5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrgxMAAoJEIXCXpWhbrlNiUoIAKFXzAnDpjltK0Uzi10/P8v6 hu8UDQGHMdBAk+woI+9QAYSarJ5MbgfsteQztmEKmozwZh7hYZJm384IP/CSPa/l DvcRN+JW/Pml0qJAEOSdqOrq5g0j+CvXj2kVz6wVXJqxiLePvG5gdwKP6mrsLM1k hE0lg+Zav+cCqGBinFQEE8DetCz5QTHVVYfHCwgEV33K3hy6XMprpxIQW8oM4tyv um+6jonRky8yZK5ppCYwJMTZwnkJ6umvyFqeXNPaW9ca6zX9ETNXSnf70XvJZ+n9 C5Cqi3etUySbMQsc++3LbTNfK/K+CbdM5eHngg/dNWfxUaNEWh4OIg6lCZFdIkw= =7rC5 -----END PGP SIGNATURE-----