This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-couchdb-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 15:23:34 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 91e7f6016f198a581c0134d6882aa9a88a131d49 * md5sum 7974612f261fd3d0b2ecc0225c5a9781 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXV3rAAoJEIXCXpWhbrlNBokH/3ruYPFCNuT+cLO1abz00Bnq hpB2YrJNhjJJS+iGkgbI4GXJigLDe+yT/HyDHAQ1AvAPG/oZw50W1mPSoZXq2mB6 41HuFqI8r2E0T0l8fjATD9+KRp/53Penj/v+0svdJBkf3H55YmULzz5TjXqbNT94 u+lmycBClPklxNoY8EyT3ye4kan87z8xZsdJ6HzBrFr2NNPsfmFla2cmx4fmxXxU /KpSjE86f+JcnFWsfYxuScYIqKmPxi941soW5Opc7VzhZYY+GBdyLF9NblfZDins xy6I/Dh6rdNFPuxAzPxt7goTm8kcBtkMhyXuKeyj+rrHHg7/RkafRtCux3Pk2aY= =lWG7 -----END PGP SIGNATURE-----