This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-asp-net-apache-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 11:27:43 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 0ec7f11677ce505040e7e9a3e91a2ec9b6a8cdf1 * md5sum b7f2c9b524ca0ef76b4d260f6621b2b0 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3ChAAoJEIXCXpWhbrlN8KIH/iZb3+xS6cdoWVxTqIrRSvi+ FusOQ+MxBRMg6fEnlD7JbdgLK+m4AuMnPZOPLm9ipFr6yZBuHpEqR63/micf7XCD UCGsghedq4dPyrCX1QcNNZba6Fkrud2ldbn/E2mRrSwcpDL/SbSVBPSM8s8BHDNs 2t2a1X4zNvJXInrRMYxg2oYdrp9hGLTYML9qzYUDkd5P8bGTOI3oNRw1RZqZEkWt UJJUNe2g5qQHm6oIr5I/R4MAdZI3DeJfGl4feNOBwErK1gixHIOu9qED8R3s0dSu U7R0qzAlYWl901pGYa2JAYicfxh/6hWfpwIuZJzL8r71Xo1sxBBLPKQrjHCkP0U= =yDQN -----END PGP SIGNATURE-----