This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-drupal7-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 20:46:08 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0c367972c666417e2fa014d334755adf75b51b02 * md5sum 166aa3ab400e86abe59bf1991562d6b8 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlICAAoJEIXCXpWhbrlNM6AIALIqIiAw4e3ajgFo8fxdTIb5 0rF/PKUcjJsdBwPzjfHdMvyhVQwmmSNFcqJuXcJbvBSIwYy8gacqG8BjHt73bXV7 Ebjdu4jemhjJWVbpym8N8vQZ46vT7tJVGQS1bwjnNrOjk18OwIdD6hzCsm67eM5b ZR4Zk+o5adMEcjpP9uG6t2z6WrZoPVx4ci4IGFJxwRXG3WVTbQd835PWgnWPTJrT 6h7mC19pmviWwFqPvuZ2Nb4YKgInytbAreKnFowI9YlLJl1xtQ6z8JLGAGXjmcrs oJeHh0U398v5FeAQ2AsnWZUjH/c1oGmlIp6ZIaz72XQvHHJKx6wneorQ7iS9glE= =G4Rz -----END PGP SIGNATURE-----