This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-domain-controller-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 08:13:07 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9f567156a53d1e789f00a1274503fa5c7b921deb * md5sum 4cf7ae7c20a06afd6e243c7d5f295e14 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkqJAAoJEIXCXpWhbrlNj+cH+QFR6H3ovSUvDFdo76x/okix OmdlLvUhf/lxO7uAm+UaADW2PRygUqRYsxnE5fsSpMPYQVSjPteMAx5p+EpzrH+w Jp9xdfopZQDaeZG6Q5NtywxtznluLwtVUCSQ/dmnObARNldap5oyKplzGI5NbCMf v3bnDPavPkz73Hi6may39iKqZ1qZ1sdpjWDHBmZLdKtMp0uMb/R4ZjkSjlJd/PKx q+8I2BM36WeTXVOWfyJ2HD+k54TTSqCl5tAa3qYQ8tfMpOC9AGOvSoW1lLP59J2u Ord6wxunTwO1TixhJ65KrC+WgnkyHZfS/PH2Xo5OxmqDtlsMul6IXqgZL7WEm/Q= =tD3b -----END PGP SIGNATURE-----