This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-trac-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 12:38:19 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 91ed0fa63320f3fe3e94962de6cf35073bf0fd8e * md5sum 845248e49e35819b36513f5e7be6d511 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM4EvAAoJEIXCXpWhbrlN42QH/iJJpRMxp0neMzGfG+zKIS7x 3m6FMLReOZC4VHuPocEaQdgXQan/wAoIVMGVP7yi5Tmd4UOLXmxlFGEVbd2KF/2j DBJUNYejf1Oj4aB0Td9Qxmv6u50HQAezQq81oHhkJuV/vMPph9ZbhlalsePBW+FB eDE0JKT3nRuX2fXKIdkGv9QE5N3wDv4Pls+tyF4fq3WsqIyutd1BLl7TXkKA3wDD L6qcsmWl8YgKwcv+tXEy2bgcnoWu5adRMg8a12eD292umXTMXqu/o2n+fA9mfjxs 4OupDVAvbGeUDb74vaJV7DfXp/irKozTPYt5SesVv73z4vEks+sa3XKNmhS68HU= =IH+H -----END PGP SIGNATURE-----