This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sugarcrm-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 12:30:00 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum da53ffdeac8edd49e0407af34463da8680714d38 * md5sum 34da7ef86102a34bdf3d236ac43cdf7a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM389AAoJEIXCXpWhbrlNTMMIAJ4poevkLh18BGp+H52uSV46 +86u3Gmg0xYGuUuAQhr6w7x6J0pxGuCU3Ai+pOaExjxbtLP6aV3UPx55+J2PJ7c5 983hN/kE/Mzx9DkucxmQp48v/79hxAcI26p6aWltYg9zlJvzJIBqY/6YsVhVpLwh Sk/XrX1xBRNZ/p734gCbxDx/yU24H7+TMuLVsuTyXC3CMk51RI+ibA8JNO+cwB2+ Cv7KyEu/QvLj2JKSA4X/AdXXq8yduGwIW/hqDf1VjP/ZtDP2NaHshQstR6ge4c3F xpQp2p4FxFeqn24voLkAef2ZmpJWNXi4odJ5d+5oXOBL8yZbUXaFP4vwg4/6fto= =CCZi -----END PGP SIGNATURE-----