This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-trac-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Wed Jun 5 00:45:34 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum b35e87f2eacbd48a9d1a81764ab95dad2459aa5a * md5sum b2b02f2826f4f7cd87521a2b49a38a65 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrooiAAoJEIXCXpWhbrlNs9cIAM3h6aDVXzAsclQyJcXYIXgi vdEQwEfKdZopf2OYsilNWRqOMI1wzFIir1YenZTuGQBSwdO06HB6qLnfgucxXdL5 lfnc1ueF4lKI1ieH+1LFGuYQphjT3Ya7+XJNUqEKTcw4UC368uJ60GWmgDwFYTx2 muPvCSOW+plERJgEt5WWHI+U315q2EyKV/WIPvy8GZbd8hEijaOp0cw6PMNh0Eyj DFcI4751MnjZhLjj9POe/KjqUL0qE9hM0ODdMQOwTVe3EKqIWzVN5T3uczWHBEdO C5xYtle/a5cT5GxhKHmpILaZP2Gq38Xzb1l7os30/W2efj6a0sOa9+LFK9ZMCMY= =39qG -----END PGP SIGNATURE-----