This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simpleinvoices-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 18:42:53 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 12a8017b9a820eb1a4dd601503d3dcd8867c140e * md5sum 2dff440a242aeb05bc8afd1c70ef4999 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYyjAAoJEIXCXpWhbrlN3KgIAM+PhaYBHu+EA2xYZ5Ksgx6S yDfyKGCdxxALh5qYmjNyyK8oFTEk9TS4pyIvnddWftqr0q7NZRKZfPC6BZKpytVG y069IkW3wex8IiQVYxhEGxbwjyIPGWHz0BgqVOe9i6CKvkSYPFY1iqRMsmXMSzR5 6kEvTBOAY2G1sh/L77oyTj7LmVPT4bng2jDk9qieiroHn5KJCciXCxEJyi+FQ56G 4vpb2FgW9EtJzeWj7GtSmQhu8CbxgLRbU72g3ZAWpbI/XMwkJaADalwYKE9il59t F6chH+vqmpfCdtPkxkmi4CFbipJ5uUUl6YnGuI20j/DZAAtW9cPmK5vrdADVW5g= =PPtq -----END PGP SIGNATURE-----