This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomatocart-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 19:29:26 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2aeb4ed98c5b79ad1c77305251c4aa4d15cdc9c9 * md5sum 5f5109b36c889b2ab9b5f1c4dd48b711 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXZeKAAoJEIXCXpWhbrlNyCQH/3XKZ49U1XwtGPRyq0m8hOpL CiuPEI+p5zc/UYVNRBFXAmA0ZLA9AjTtteVrgtlGVAo9rU8C4XULthtFJe+Vls0f BDvo4avcTWnNdIb9p/uAb4lVcVbNLMlRbTe0wxZXhLbHufDj31C4R87o/LmDk9dx vCvRkVc3S0Itm3Vfc17DSy+EtJRQGr3mpT9htwAranlwFG+738l/6EWpFZIVlF8I edeE+KnozTeNNSOCJEWjrWSTC3ofEebELW+DbPKb7GkS3ANZf1s7LTvpqPYxIJ+W AkaHo6qI6DUBmPe5tKNeRRkPREqd5Jdb0rLHC2gKv7sAp4G8veXVN05qLjqNIYU= =Xbc5 -----END PGP SIGNATURE-----