This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-e107-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 15:40:44 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d7d22f6e7289ed4b3cae12edbd9e87125179c7e3 * md5sum b3867e03773ed68312a74a218dcd42be You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWHxAAoJEIXCXpWhbrlN1q8IAJT6cdOJN90Aq9yyqX5u7k+7 S6oaKMDt1U86LuYpSLIb4X+x2XhnCOWEg3u1rpewfXbXr3+KL2tMhfE8Op2MCABG xBUY1grfiXrFcdXD1Zda1KVXWfmG8rk9dbFDRCgJFBSoTS8FDuiZ80YzNoSCQaz2 O4vzep1aoVCA7KJdqdGPLoHB7fC+J1de2PMkEXErzL4ST9SN5pzz3KTjrm3E96YW 7cFKWDo27t1esGL+PjXnNn2XGLlI8+JD8YWsZ+zgpxAHy4AAo8TvsbscZhT6FoFn q2PImt9mpbGWF7nAakbsLpCJqOgIJLTQRXaPKwjKuwerwLREb0VRjEZJ2CliZG0= =2ptc -----END PGP SIGNATURE-----