This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-nodejs-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 14:34:31 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7c496a0d10a1228b551f8c43f5c4c9615aa71982 * md5sum 161b3286b4a5af18300407924d4099a4 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrfruAAoJEIXCXpWhbrlN9voIAK909ZqOB41G9L0NVNtPMcd9 r7ex+Ofp2xMks2Pp8wKp6gycKjGr0/UXCpDhFnhGNfI9d0qDM+SyZ4roU90BrxMJ Kq+na1DEjn9EJfW2Jde+ruMTNCM0+1TMkChfJEXPEsSddjw7z8/qP2Zs7Tmg41Yk tYJq481TptvZ2VZu3LQYTrD12Rje045dZPh2tBSclmgahq+bsfrAweTnmdlhbf8Q VKzzaus2Iwp5GxPIpNDUYQ/5YZrETu4NUgW7/2uEE5zMeVnU6zALg4HObnjLLG4D xqgqvpilXPjitRKZXaY6R5Rdzx2ZCylqMhHxVC1MDgw20gTSQ1729ymboBd8cd0= =usw3 -----END PGP SIGNATURE-----