This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-drupal7-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 08:11:29 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0e7596efc54a683af8571c2e7edb0bf03bcdfd45 * md5sum 4da7658d04163d6dc239e55d5540a4f5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkonAAoJEIXCXpWhbrlN2HUH/Ai5SD6fbqmOaTvB0eJBFw2f dLbCVCscqqNrMI34tnliI5aX0bFqBz30K7m3FHe0NZuvqb9Ojt5ZGOHeLf+nKFnj jG7uFshNoApD8FU0HfWV7ziwhJYLGxaGC0EYypU6TmYBHZGHJju7O573/ODu0naV Y0eQJJ/mIg4YA4UOzaN0ngaSRYnaii8ZjgbXeu9W6eCd12QrKNuUmE4Mcm8I+GXG GvDeYKX92xktJJYQz0U9+gjBZg1FZylk2zJZZItLAGsi1bVoBCY14fkr2FvoatcP 4KT4E4qyet0HOoAJVPmBMHIJj0bhLqu70+ahN/MMnq/bSo8a7uM0PyKqAoVhsoU= =Hfls -----END PGP SIGNATURE-----