This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sencha-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 12:31:18 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum aaebaf008cbd2b68a859a7e3d7aad3234f8c0321 * md5sum 658902d193b61e4b6384c444802d16c1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM39+AAoJEIXCXpWhbrlN3wEH+gNjxl26WBKNFvkWPCBdoEPW sE0qpXXi6rNyP59hpUaU2MHmqDqwZprN7T3T6/fkPJwdtYyf5C/kv1l4MHEZks/l KCSDTYoMA5YRTZJxmE58VyLl1K1LncjXwqJ16clxnB4qt3l5wxiC/iwYIVRZ0+bz BjeS1BtRyAK65BqMSGA/UGgTb1WirAfv/AyIVYvjBxfbLkals08reXkRpCmFhDnQ xUlcUdT1qhTKAlWQjaObYcuBgzmuZxjB6ATu4DfVqqLUYJIBLzqY0tC+jJlBiZ1y GwgOTddlNDgXYvQSSS8yVojuh4m7Eb0Sq2uUJk1TWN17GW0KE4SypuHk0BCXBw0= =BzIY -----END PGP SIGNATURE-----