This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sitracker-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 16:01:12 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum b5ee9e242efe6c719cbfc2ae41e00ca064b6f234 * md5sum 9d5c6dc3991fbad8becfd685d710a69d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrg9AAAoJEIXCXpWhbrlNgVsH/jFqvXYyTUvmTZJQuvzYod4b 5xU+9qxzxo0Pt5Yyp63ljnAktENBlF+kKWDHd1fq0K3Nx8VzsKdqg5zZlGfxfQz1 /Tz1NTmtN2vZQXKlKD6jKBZSO8zjSTLvnWZXQOVZdT8eh/dl+d32ABL4q05wsHk6 qr1b4DMOTZxZ7xCbUMzKDBiEXIwA/RKYT+tEaB/m2E/TO+XKgf0UkG0G8WQipuc/ aFv0U4jZCz36sm38yduQt9wNR5CJsWkhPt15W6PEzEBAE8/4mKSEDpKxxE+GdXlS 5rabHTM6HL1U2bBayb0SsmL0/4/g+TO/2LFiXwRGL020hsZCECMj0km0Rmp8as8= =pj8r -----END PGP SIGNATURE-----