This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-magento-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 08:51:38 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 841119cf99ae0c793fdc6a19c45b83e43472de57 * md5sum 20fdab7b5012a16813bdd165f63dc3f0 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlOQAAoJEIXCXpWhbrlNUy0H/iHzBY/YxNevDEVMvOnZbFua 232l0qygY9KZy+QNxHKqv2uHmyZbx8keiWmM0UMBJ/bvm5BNuaCLeVB4MwagZfyZ SMF9FrhQBoIz4g22beg8ax+FxB7Rczw2g5LA0m9zhSuFLEpnK7w7a+nycXQE9XHx Av6lyjVg4dEqy5dsd+lWlO+cvW31/vFrvVIVInALJvOMREg96JyrY2yLE8Xs+rCq yxiI0YnI5XWJ3ZOKuZLHn8ACMQhyo2xdwGBR0wvjo9Uuv64kcRgLVPPM5c/5crX+ zgFNkUQ7nWT1Ud2iHAVis+uJ5iYp1HKIWc/GeieuU6OJnefbFzUAuzA8xXYNUR4= =Hhjx -----END PGP SIGNATURE-----