This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sugarcrm-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 19:02:23 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum cfe1fac1e5af644cf500ebd4b0684815f8d7b727 * md5sum d2befb5d29c52d4c867c5baf2afefcf0 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXZE1AAoJEIXCXpWhbrlNiEgH/3smcAm9qF2c2dyuE3ngXH+7 mbeO4OeFo0q5uNlXTtn+3XmQdv35NWx93e/IUdmW09dOqOX69hM79yfsVsA86dcA F0kFoQWCkJcBYHTdqiJDkIV4Rk+DRl1R0qkanOo0zlQ9FWWQvvEDB00utTisc5sV 5LZ36EznrGhgMhcPkV52rJUseiV3n9BEl+2KXQvN69kOYuS1f6fIrfZyg/C4quMg V3Sr1Bsy88R6rwhiwpFKZrMNs5cUFq/HiYtIfI+Z33C16NGt6U/9eLWhSjcv4auC W9uIjui9rthrupAp0jx8RVyt7FMS82JP782LsYyfuhXJ8gJMdTakkEEiRNHDVt0= =+TEH -----END PGP SIGNATURE-----