This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-couchdb-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:36:25 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum c246fcf088dc5e4349f79423d0a35525f667f34f * md5sum 7ba57f079a774117ab80f29e6007322e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3KuAAoJEIXCXpWhbrlNZ1QH/07HPXPIEDco4Kf2cnAcx7nr a1WKbSsMXLsMHktuK5U29cMfFPmKt84L/NIK5DP6qM7BA0CAYRTsMcSVliRCQnQn XrWZpx942puLKwaFBJwKXFXO5tlIRwMp1BAT3NoByQCT+h/DRZw2xUUIA77DJogg 3CQLg97EDXpK9sj5PKksNu+Gr2KOviRoB1oa4zaO4usLLT6aAs9Aj6WlfciZ6MVK 9qxfZa10WEET5hpzl2OxegxuEf4VPhqKv1a8H6SsSYSAr6UMd9FGrltwZdr8UhvU BC0u9aH+sDtJ5a8l4TYgsHHuO7L7HvoZFYgKpD7iA4/P1YmXkWkmVnFbzDdOGPs= =NGxd -----END PGP SIGNATURE-----