This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-statusnet-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 10:10:37 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7fe8fc3e6abb678a1ea2a222517a9aaebd7839f8 * md5sum 72a0bbd600e1bc614fcccf5214f09cbf You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmYTAAoJEIXCXpWhbrlN8v4IALtO4pWW12SGxOeFXJx35JZb q0I4mjThUTmM21xV76SyEbiEi1H3qPLOcZIIiKISdNgxXpfB5kqQHnb2Qz+Yp7tc VzMdIgkAsJj7yKX1EDnzDZtJcwyKkf0kLENMEI7wbQ2TeUERZ/vQgbjzobBiM0ig eRd+TTQcu8lxE5oc+nOsJFrqYx59xP/KzjONeGd1H8my+uYvMLvmqSZf5L/5Jvzh eUBhJXiPEpNZH6fixA3db3UrffE5X1JXlFCgHW0CcZDfNsO8TdP0FoBfytkJGMO/ +vtwi/6xGvkYX9Z+30VAKQTDkntYkcLD9WsEvPwiyBP+V+b/qQfHVaqtpd/z+4U= =Pxa/ -----END PGP SIGNATURE-----