This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-nodejs-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 22:25:54 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 20df5699509867767f2b93dc5b02e27c7c752642 * md5sum eb28a941b4403e5df2a51481f8687e04 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmlnAAoJEIXCXpWhbrlNolMIALVY8qkbdQhNVcjc27qGVNtD LXIFjEiVKc48R2jcN8YCpCHYs145df/9wp8oiv3VzqdDQkWfAeJLuJJv/fARGhry eHT+j8InI3LZApFV0eUKAm07d010hg5qLApppfTdmm5LPYqhJ+ns5l+TRKjCfaQX gANhZ+FJktDtRfrHTcJxYJkpLc6TMGhr67YCVH8KO0R8zf4/sb7WjCQH23UTsWjl o28djzDARYq5i3nxQ1xEbG1EuWcyz5BviwjQkuse4IrjGKEWKfPiDQMYj00fLHtI zMraJgfq4M9T/wkJjGM05+Dz4nRfjKyTIUeFspLL0DftD5MxpT10WdLGp8XOSWo= =UaLr -----END PGP SIGNATURE-----