This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-moodle-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 12:02:20 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 66c97a9e6c1d886d85c858db1110c60e602fba56 * md5sum 7c0b643283fb3462e7d8571db13d090c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3i/AAoJEIXCXpWhbrlNkJoIAMKmLJLN7rRUrRKjapSB61KR Lj0XpmNaHSrPJtiSLUbaEvg5BLk2yE9esgdq333C1C42MQuNzENPu917V/Q46VDV wv4beHIzQzsWKoblbl4oLhBMtRsmqJIb60+gWF918HipqzcLrIj3lMb9QuhZf+/E 8Zmbk3uKOz04pAhg7x5nxUquJKtgrbrRkorMdyB2xMH0h69zloGph8J1LNK6waCY 1QHsPp/SoFqmbSSJ3fQ9Jz8CVhjHfAHd5TwR4OCMAYPwHq2UzIWomBPFPtZua8rC 7pIi+CxoJIkA0JHrUjYtqXG0DR/SEuaj/IDbHhcBQdNJtC0UCN6Sw9KaM11NvWQ= =8LdH -----END PGP SIGNATURE-----