This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simplemachines-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 19:19:52 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 38b4e7c2c88c976439d063dcdeefd1b80123d392 * md5sum fb9944f4a13564db05629d8532155b80 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXZVOAAoJEIXCXpWhbrlN2yQIAIE439je2QV302i5XNd28omE sIloRNWgWVeO0rZInKt3lHzndaQxWVZz+Sq8/s/bW19kbw0Rre/EF5LYvDGh/nqR 9yTk1iLbZmHK9PSOK0W2Hxe1iX2a7hPeA4xX/oGfnnv7oPyaux0MGgBDWc+7FR/F 5e6M5ajJLmJqVp5lk3Zpsrw+LNNXdPq079h+8GO8UG+38yoNvqs08r3PSoFVuC+e lkd6ft12svVGMQHEkBlnaU2EDGP6xGojaR5xUbK0dy+17K5VbVGjQJq0HaIoXs0D Veukjm0dNjBQ0c7yB8CxyEa+LW6XhL8MPuJzW/urBSL+UMkj7G7KpFpLlvzpPiI= =Mdj7 -----END PGP SIGNATURE-----