This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-web2py-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 20:38:19 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0e744868774e238787138493b797a1bb22370118 * md5sum 160adf60239cb1472bfc899e3a6f3827 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXaexAAoJEIXCXpWhbrlN9PgH+wYZdD3tca1DTqt25fqApmAK KsPZEHgx/BBUoeoVkfBkceOPbPMMMOMrq8epebHPO8FyQz5Rwl93XYs7pE8+sVAg kt12QTwoRHsD/yXBCb2LmATq4YIlBYaw1HaO7fMN/aulHqKNsf2S/fufTB8CZS+Y qp9W4kQEyOMR9CSrDhHZElnKA1K80htid0u9ICdGCnC7fX2KFfvAsxK9uyPalEHl nnBrAXEz2xTGp+up4sH3/d4NRA9ENq/6iCTXtyzog2krSx9xda9BiyL6uWRIvS9G eg3i980RNq6NdNn4Ol0kE9IvHUdnJznZolo0McYSrzmbGCvMBbpGKczKTpxutXI= =0mOM -----END PGP SIGNATURE-----