This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-e107-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 20:43:35 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum fba553bd04bba1efabd41c06fc28ebb1b4c0fe14 * md5sum d7f0e4c327038895025bc5d7acaa0852 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlFoAAoJEIXCXpWhbrlNG74IAMv7W9THbQILoknAXlRkv8jF lG+auw7NloxaiQrklplw4YaPXlPrIJoIvRJHmBkQa8IQW1sEliQ3vi/IEV9+XmYS wgnydXWAtP1/59GRGko4ObFNqpTuISb9dZFMEaqYqll147HRBQ/2VlL+1ihSxvlL a7Ua3/2598VQ1SLs1sNGdYhB+P3pQNGsgM2ar36fEb455ogD++ShLExG6mlFBydY rwejFSnWua0UM4nW2C4C0YS+fNrATBdQGctrXi91VuGnTpIUcvQg7h1T6svGWpZr RVQn2MfshckWR5dXoD2WUTXwUxwD6DARISFoF3xyXD7mNtHKjhVBJzGlgC3BiEU= =8lUm -----END PGP SIGNATURE-----