This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sugarcrm-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 16:13:18 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9bf95fb80c780a3b0069f488d478aa2dfadfaf70 * md5sum 1a3f07a999253e57057c839604d4232a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrhITAAoJEIXCXpWhbrlNcQ4IAJ6r10qUORwryXRdOjxM2Pm6 gWCKi0JKwomjWvJuk0oB8vLfIQJNP3hmXnh50WgfNULaIFsEp3DiVXYHjdOa0xQ5 zb+eLMMWpoRMKKI9B+HuCQpbGkA05EmxMrXddvE8kFyyWAFAxASzMkTaYlBIjQ6m bcWZWWiLZo9WuVvEpg7EreJeNINLUxZuvT83XDnwVcbVnhSO3kCUyDDQHgfRNaR/ 5+OhI4txoNvrSqGKz1Fziku0GHk0fueLafZwxpC5i+JOGTZABE6Q5owcLceHv0pw FR1ASBKE//q0D9wc0sKusJV2m2sPX2h3LiVZWtxnaaL0QCsLU2OqmzUf7xLLpnA= =04pM -----END PGP SIGNATURE-----