This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-jenkins-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 21:22:00 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 246cece7fc4d4501f78053416ffe7f30755b4b43 * md5sum c42124e5c17cd1f9735a46f6b5d48797 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlpiAAoJEIXCXpWhbrlN85kH/2eOGOW5AG62cxPZ3ZPCKFTA fMSl1r9bujFSYHz+T9yS7rN8pu53gjW1YqZrK+8V9HablSoz/BJqkSTyjLIZhvVE /GlAy5OkDxXVmAD7B+XVKEViyVIFvyAgJYYvRf5+RhxfPuhe37I2oBnIdDrIk4j4 eKAb7CoAB3M7g+PHHfRZDd1iROVu+vaBPJMERkkzKCBGzqfrqs7yTQIWJdU89Q7g 4sFs3E+wA12lu7P79VkiSo5OSIObemxTknOSL+brPt0yj+44U4rGx9PBJaA1+fsy AgELZAWAfpJEA+o1ykU9ooNVbpFKENrs59zcFhONV1tZmCvi0G1kRZa0QU6WcMI= =zIuQ -----END PGP SIGNATURE-----