This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-jenkins-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 13:39:39 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0a6aba6f6dd402f88772b74370a126b998544cbf * md5sum 47517f818e8839c4623e3fb1fb0369f1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRre4KAAoJEIXCXpWhbrlNIEgH/0itBY+DMF1M/eoHSu33Z6Ku pzEHrQdQpeQqP/pBt0Kxc9zGVpOizhITlONJRn1AT/KMgMo5te/mjwb0+XC2mck1 75Cf2LCP+ta6ivr604dO3BvaApjf5QR44ey872+cZr6flGurD2nO6kp+r2FV61II I69fX5GJmP/jzV90kwepH67sP70YKKV+QgQwbIRi+cH8hJkd4DeydfSb1EaBRGRM MeWU0MMI/Cmpt09cO4UFgyVn3D/vuPLQd8phd8t7Fi3/lsEZUiSAhxEXNnDAqBr1 hY6cDUhZXNIC3KbEu1TvflPtehTERFfBff9v5FduWbj6DHHlNNLElkePwv38Al0= =hJu1 -----END PGP SIGNATURE-----