This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-icescrum-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 11:51:29 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 5c21a20fce8239a444c6f6fa71ea23e076aa6b37 * md5sum fee613becb272bdd9e0a478287c0641a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3YqAAoJEIXCXpWhbrlNnTQH/3unFo2wXlzk3MDc0nQ1qgsG ic85y4wo9JQ1+eZUy33/MEW5JNQrclc8QSjPwDhZr51tem3B5fdVVRiMFEAi99Ci 2039yy7Ww8vbndFG+YLt2VSpphV4nWLzMAwImmYAwoQE3Qpm/n7y52dXrCn+abbN nYft/ReJyGJnOAaNJBcO3f8khEkO7jPMriLmuLz4Ftix5MXAbI4VC5ujGcyaVyy6 mC0BkxIUtjRmwOZYVM+rWLori8H77zusoAJ4iuAW3fySBlnih6XsxSY/+d69rpLw ikGOkSSf8A0dzHKmUJcognLkDi1pnjxHxLjPLGwKu5NaguGV1iSNFhRUHCpVZWA= =/uGd -----END PGP SIGNATURE-----