This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-e107-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 11:41:53 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 8de125875e06b25d2aa74d7e2be9d7bbc2e5c9c9 * md5sum dda8c68bf12d9ff9ab7c5b84d76c00fb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3P0AAoJEIXCXpWhbrlNPMgH/RsFYvKcJ1LQMl3atmD37hJQ nCS2PGnPQo4DOE2sMe1/xIU88ON2+Q+Xnt+RaZX0L5TebK7As2TT0iiJlAFk6unO ZpmMvqvdMrqbYyHZbcRo8FnJHp8Ewg3qHvJVSThoKiYFOPlcLgHIgOoG+oA5Q78e v9ccl/1/tvL+ZSvFuFho3EXZUD6BY9xS/OxhdsHofFRI68PPqHZJNb6ZC5RltsXs 2wthtIClwZXFtKeAt2UaLQOUYuKqVMw2+6ofS/IXVHwHullWl2vR8sRl3n7Xttb8 gxIAgG7GSJkZotfQBdhtPKBJa2fp5olj3zcqz5/KAq4HesOSG0cF37DLkgnSYHg= =2Rb8 -----END PGP SIGNATURE-----