This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lxc-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Wed Dec 18 11:51:45 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 6235e30eb8bd47cfdd8e45f7ff115a3c5865cc02 * md5sum 9b96b23e049f2a87e86412674d1c9b7f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSsYxJAAoJEIXCXpWhbrlN+cUH/0tVOsmcbHNm/FU437rQJ7AU U0lJG/VxQGy3DF5pJIHQJlxR20MUfMB6EmhHnmq+p9oAYEAkfn9sMN1l5t8o8CZL ubmjjtCxKUZAG1wTXIk7q5F5eQGCxDfmkAfpZ2Q6FsRbSzYHT7eT+9wzYok7SsTT INVnNbANnrlYHJP6hhr8RPqqDETu3O3n8T0Nq2m5OsHcXPtB2tidHqgvczNo1i0z A8AIg0IhxWZOKJsVxtoqH3COG6R8WwX+z39DLW2fG5ND1V2us0g9XaKtucGge7xi yvBPb6Hew++J2+LfQDh/YSlg6QPP2fn7nXPt0YsiBv9YnCRn2D27f16bbtFTGbY= =TqTp -----END PGP SIGNATURE-----