This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomcat-apache-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 12:33:26 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum bbf4087b059480cb4d7b6619d5adddf49371369c * md5sum ab9dd4b56f4289b6ad3e8c5819873f64 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM4AHAAoJEIXCXpWhbrlNveYH/RBiYGbr09q4U9++YPdbCVY7 t6uyM8S+OoPgQEW60l1vSaKuTq34XC9zpwTZf0BpbepN1CLXOIHvXV61jdFGeyQm gzMdfwYlublIjV+V+BXwN2PzKKPx2YHIMZqS4fz2gmembcWw0GoHxiX/DdxKBPYF 8bVzcLFujtMo5ztrQIa2foFt4M1NqVBRK/Ouh54Bl/mgZZSu0TGzWFTE13AmG353 /kDRT09ccei8PN6FoHpAwbpA4JUo8uRVjpZ/sa2mBT7iV9hkFXs9V4ewAjKpB3aV 2p4YEd6dqCxO152N4h2ROo7wzc+IauYheKDH7GpK9nkaW1hDFTHQyU2Amiz1qZ8= =KCwY -----END PGP SIGNATURE-----