This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-nodejs-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 09:21:32 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 79cdac02697424f387155c10bd9eb1fdf662cbee * md5sum ef02282ba84c0a497b6d6c70f7f0d5cf You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlqSAAoJEIXCXpWhbrlNnnwIAImKF93d9pxZfFiBRfjT7Pih MW6cgj0ZUaA/kQWJ+aCAhvZv9UdWP+96xS7eUCPSqyPMdHUN33ZD0lwKs5LiPh4i y3Fhom+xeoiS7VUjuFyermb3h+Ry2UItTWKHovzW4phHik5ZwFn7vG0wOgBOZvxn ZT49OYkJxT1AbfVZLCzf8IepB2gRKolK9619/4SWZFBRZX4LLHeixAvWmxDoBBEq mDBBXXZRlXF2EzwIlc3Y5g8rjcLHXhWQHk3ylHzcG7147UcPkUPv6ZXQF6lPtSqw lu7x6H2Iz8ZBd6baLUXKVWBtZ2D9fklr7yJoJ3afSeo5wXMXBRp74jb5+7ZQPe8= =hvr1 -----END PGP SIGNATURE-----