This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sugarcrm-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 19:02:35 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4ad5d142e2bd2ab2b121b31def569be1362a87a9 * md5sum 9efb80ed3c520dd802e646441fd639fb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXZE/AAoJEIXCXpWhbrlNXr4H/26yfYyjLeXI4Sc0arQuseir Wvkqp0iteMdejiidXuD66fTF7k2qMJ8X56zSP0u2ZI2V4/xDcOw/qRZXEmXxRFLr 2lzSnhshlP4ncsYaQ8OUWLYDz9b+6MdlvsN0OfVOKHGy7gsunhs9R8Z82yR8I4KG tiSJbDS95rfzqWLRzQ5l79PIM/Qbve/nK5U7GrNWIJaqBEToYy70QAhLPbHlLPPD kDugdFXnjj7TBFNPX+CpreuKI3nVtcXbmlQSlfdV0vI2CGifD8uLe3oHLUi7Y/XW heJGin/Uum/zNubgq0SiJmoE7GteNJONXgRxwgu9feG3JCe+c10AkH4LrE/WW7k= =RXK/ -----END PGP SIGNATURE-----