This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tkldev-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Sun Jul 14 12:29:31 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ae46f8d0a1a58bcee38cfe672b4de14a3d6d3f57 * md5sum 8b5ec569370844dd69a1684da91d0288 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJR4pmhAAoJEIXCXpWhbrlNM8IIAKC/wXpTd+dWFL4bE6ynR7Rr hSCuip7/b/GZRfvPghWF1qIN+/JeLjsYkUH+JHgc4/F7mBihkybMUj2OV+3TI7g1 AewHoloTen2RimIWAsLrZ5x6fKd0HKCmvqgnMCWprakVYvQVHn5fT8r79HVSrEsW OBjxxTbeyDsIiMKUWTgpYQIKqcWykn3eM/KEdDthCylNH3uUlwvHQioR7fd2TpmP ERUkd/0N7O8ztSJjCp6eYY7hL88GeV6elPCDKZZd1C0U8r/dmCP2t3vkw1ROucGG 0orzzxWZGg+eooU4BneYZEqEeiHvI50kwmGv8OUeMlRoQWCldelBwZOwJBS9dg8= =qL3L -----END PGP SIGNATURE-----