This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sitracker-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 10:07:04 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum f66e8919f91bf0388e8ab72fc9c61f922324a598 * md5sum 9368a0673cf99334dcbadacff4f2c3b1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmU+AAoJEIXCXpWhbrlNoZoIAJeMv/1ytorDphE8kc0SqhXj IgtI6n9LD+y1LM71zZ+H45OgqRaSptbP8pbL+OeF4lW8BEVTFJuj3q4z41pKE+7f 2XEbDwSu07pkmbJzEXNp7AarI44/XoFWEbTmWzjx5DM8vHs1vRQQg40v5fWYPuvO K96xC6Hw/4JLq3/nnS0iKhZobXJeMFj293r4FCWYh2vqPaPUlrKHThYJC3MvnxHt nT57tj7o1dBCOZM69QpfKdFzRL3JHlOnQR4oyM2vNHJMg7xjAuedLgQ83/3fZdeC NTfC9JUENKOiwvWqodIiqjP8GMSmHz7YCXp07VtIh+OduSxTtBW0L4bGvm6Etvo= =7BGM -----END PGP SIGNATURE-----