This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-gallery-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 11:43:38 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 72a8ddc503b5d71c828d2abb50730c535d8119c5 * md5sum 248466ad4dda41eb8b7ce93e910fbca8 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3RdAAoJEIXCXpWhbrlNqLsH/imEG2SwH/O+bqMmtR0c2fbO y3EHTqQ50eJsFfY/b7Y0HdAHnRUJDc5fC9dO5rFeGe7A0OYBlLjgC2xH7I2Vrn86 AfuI+ZD6pPwfsg8E62AO4vLtURlIAcpdrGGO94bPW2edPcPV+DN8QG8EBUm+zaQg tY/cxaPaCBiURKmels6ksPiyh5DGWsAPG68K79vmEtiL0qu9uxNEhtC13iv4ocrH 6SOq5lMkOK9mHmmLGifoMq8yXI736vMYk+DSegOoF6Cnj+H3gRH64NzF3qejcTPf s5YiEL/guYzPlIjJk/1cjy1SlwZRx64G2uZ/pFMxxWjiiygsS8OkDCsWyXYfGxc= =Fl2R -----END PGP SIGNATURE-----