This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomcat-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Wed Jun 5 00:40:06 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 8d3d8ab08e3361be83ae3d84512d11af8753df56 * md5sum a8fd85483a42bb8a47aab2ab0851b5b9 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrojXAAoJEIXCXpWhbrlNv+MH/jz5xu7+nE05/MpdCouLPb0m 1dgRhGh7EBnen/J3tXBidtAvJ+0slrYq1N8+n1mJiIptdhh0wJGmBZFnV7iifBls mdZttKsNnnf8pp94Yt8qhdI9s/9nM9dYns31of6XIfAGl0ZSVHJcmsQ6+QGrPRKU aItDGTDvIyhNED7OJgCQtb1MIk+FMekfIwz8x+3Am1CmMtvjhijvW68lS3x9ZHuj ZXhjTNf66u0CmUx4tdTan+6T8abAnxLWZQiWRjxB/GFfH7gk1zdg67oyeUPamzOT aQh1CVi7Tll1BiLBEjesZSFDlVSO2KzBdLkA/biDldgV39t3EugeOJytISmu6U4= =XwlP -----END PGP SIGNATURE-----