This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-e107-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 08:11:53 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum de0fb8f916bc1b1b1224f58affeb247b1f62737b * md5sum 250cb9c40b40c5a1f9c83dacf0904ec8 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXko/AAoJEIXCXpWhbrlN0zEH/2L7hW0F3rpAVy2RU7AHiRP5 a9t+oyC+qEc4guvpt6K1oXhsOvI3090oFbPyKkKPju34TzY0Qvom8nb/9Fb6GOBy 5EUcWZtydBZOfPS4yGTsSoODLG2EIAMhAXa0Wlc+8v+u4B6HLHb9MmD0aeqKsYct 6B8h1/21WV4dO9dGVpmpnWIa66FFN8EneGFEDcWXr/GUugLIhy1tsNklcDXIfHY1 XvV+AkrH3YmbxQhLJnpuplXl9T/TbgLnd2Ljzn8231oFDAtgOMGZlntvZOrApqzb UW5qLlympE6iko6tnbYO1BOOyJX0MV7zhRT5G/O1KOStw5ckNw5nTH7kvfsW/WE= =lAKa -----END PGP SIGNATURE-----