This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ezpublish-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:43:28 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 400ecefc86a3e2ff359917459195f44a687b8a33 * md5sum f5769dede15a4042637f4738b85d5dad You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3RRAAoJEIXCXpWhbrlN7iIH/1lIvleYtN7G128t7iQhDRMS Xfz3O5xih3RUU9TXefQIcqvRjgHorUJSRJpm30oVohc8znKtoWknoc9PyxEvYmBl z7sZ/qx4mLvRsLkPq/gMJyBMnqPnNmvjYFBkN6WvqjaLlcq2OntWQCEutuAxGAcX mFtng115Q1uU9HRZ9/+3P0qsDnmHRfJy6sbNE9d035bbBpo84SoQ6t5NHJUFNPnf /UBiWaT1C+GJQK+YagNA7Xm9l0opTJDavVUFCRXTO1diHRkrMSLaIfdiaCu68Ns7 LmJ2zKvTt+OKLLYUZFBXUCkdReqN3N/BaxbhjaNyj2ayKM+oCoHYx1ybz0k6SnE= =38iC -----END PGP SIGNATURE-----