This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-vanilla-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 16:48:03 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4ba7f9da8c8286eefde4b3e0c8c61e87491f3a00 * md5sum b8462d91e3541a91855a3a3e5d8baacd You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrho6AAoJEIXCXpWhbrlNjAQH/ivtdj/OXdex8X8ZdCOwIqWp oF1VSMAeRtrfgA8wFzVLyVIulMuOgvCme5eHeZvI6zP4LlvMh6cBEu5NcigYhWxM SHhRzadY4VWy5Jjdbixw7T8a9Re0fkZyqbJP202OUuFHkCVJ3ERKwi/kNDdmnWl+ TFZF5VwjO7ILiKnZUDPWsEMVhmBVkvz6TggYyhSQESS2CRSR1xO78hUnPolfYaGz 4jcP8AU+kKgrOxrx/XQGs85VrVjg+O+LDNjUJlHxsHMCTndrQSqMm6MgTCEy2rD4 GQh2lqfGDcvEUx0xaKJ1IfQC/ICWW2W1MgoKKLR/gxay2LwcufzkQwIkmeDJdQ0= =PRRM -----END PGP SIGNATURE-----