This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-redmine-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 15:46:23 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 191ce335194f7c205224e40a6ecb9f1335c1e548 * md5sum 1a07357e1c1e7bc5e28fc1c159470108 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrgvDAAoJEIXCXpWhbrlNc5QH/jDrsw/AtWUNR1GUgyzEIv1F dPIFCXdvNRDukNyI/tshhep9iw5yD2kZSz1i31kTDn5PN0M9+rXGQZ4o6Y6PINl6 cJLYtOfWCBHjUjVfFF0uoVF8S7SMplITAGxHJtMeDe1vliO42aLUTA8WlHpuWbbf wBEzEbRIxAdMfwzsPOZF4Qt5cPllR3TnwaJjWculkydD6OYtzBtBQ4v8R8sn6bnS rq2ZvQ5HwP3GX4RBE6v1pE50u5W89inbvhO0aGTUq9A8mpQx2BkOAKU+1gjP8wyb +DbhAijHR5bBKf+6tLu7rIWCzZNTSnaUSSl5pwaiJtTJ5n24vUpCAs6dfVYp2r4= =bJHN -----END PGP SIGNATURE-----