This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-gallery-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 21:06:37 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ad06c0e2bba8b2caa6adf9a5bd9ea51a0c72442e * md5sum c5553b074d7dc2c367904616bebd97c1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlbNAAoJEIXCXpWhbrlN6BwH/jofIn1ryay6wkPyp71E7TDE ETAhRTtvuNo1ggqPptFKpy5LJf0l5bXe27pr+SJFsY6+zQNWoPtj1PygCG0s4/1l GCfhSiTMw3SPn0pZCe3gYg4WtEQnT6JXeMDuU8egJhIZV8MIU3i0XNycKFMWSEtg v/ESlyNYLCYqPzOuSmHsvj2QiowZmQuWc3o9tQnC6CfTn9ZH+MPRuhuuYJJpfrAu kOyVm2yAglmiwbYiwseMnpeiBkMGSVUTHN5ab5bDsF3OAosGEPy5lcP7fKBapmWp rcRkWoFoOrS1jyKt5spMj5GSSx9enWZdnQXfbZl7LYlREObt4ayp9Z8X4ky9bhw= =IY5Y -----END PGP SIGNATURE-----