This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-roundup-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 18:36:46 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 1887663a1a1864f9b18a2a23868381165761a612 * md5sum 6a5a8977ca5fdcb215a7e12b116c54ae You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYs1AAoJEIXCXpWhbrlNy1cIAIBrSfYlX5zJJLHwwvfa4a93 nGzAXKxqsLNAeIzVsQjj+U9Wl1NtnrqsbyoodeuQcRB8YxKwzP/+7bNJdLGCq5v2 X04mVbe/t+X4unYGupEYy/ALKnuD4CLN23VqWAhgGyGqHVNniClDiw3VAMBjYz/N JjKfoDrS7aMgVWDUcngMs28AYnbDcFaNsQ4tO81P5rTT/SvtlF65jM1nUipkJHFW SuPVzhJ5UPk04pIlJEM72vbrXmdZ3clS4mamU/B59aN3un87ewSHG1avSEQHyQ+3 T6zB0t10E9FtEs0jagtGkOuRMT955hXB/IqX2GwbLpBN7RhndJwRhEvvCBOFBGw= =rQgo -----END PGP SIGNATURE-----