This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-trac-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 16:33:35 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d3865d8a700c84ce46a3687b15d79fe058be31a7 * md5sum be91b830f5c51781772f4becfda8318c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrhbYAAoJEIXCXpWhbrlNYfkH/2JbNAp5+j1geV4G9uXxl/qM IEqfroGvcjGsnE8hlX2nH9DjflKtKpG5tlJrAuK8KkqNNPTfVOLadzAhH0la/+bf SFElu7KDjaXfxqaod5gBxZxcVAoZNYtp8hWlIPQRb9CouMQcAHkfdEfRwDntRfzv Wx3fISvwZz+RNrwPMEfuKQgQTgsGRPKHz4HZXKWjPBsaPvx1CmV/9PeW+ywQH3vs IIex1QqjjjeLPKZoyrpiMeS3yZiRuNeFjvIS7ahC/AD/Gnx5nGHcXquJ9D1J0bZV 6omPG02KaARDJKHnu1QxQa4IOQu2CqGcv4rYhEqVbqOz/FcMYgPBBjdK5vBNITU= =VQRm -----END PGP SIGNATURE-----