This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-trac-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 10:27:53 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5fba3c6001e6271aed1e64c0674ed897ae1a8df9 * md5sum 54e2c89cf32556e4a1f55b3040725d1a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmogAAoJEIXCXpWhbrlNwcIIANOP8Kf9zc+u62/YUCoRCTTJ IZaTSwfaJgVkpnD7hN55NJfRI97tr+xqyi2KHjp/d/tkNUtAKpokQukWGSAxUhTt vjJwMDuWCu/1b6C8dLiDd6+5gnfk/90bFKmhWr5dSkHinnSI+J0h06zlTVrqJ5Ct PWOx+ZlJE4BmTwVFP3j5SfUyV4tfZluVPlz9fMXXRcGGG3Zcvdy4hpdbp5AW8Mnt BJPXot+6tUZq7JBxa7RUVJw8ITriuJqQCr5pIY/eCHgjvBeIl0p458a5gD66Pqr6 kB34ahWNNnuAEtT03aUa7Tbf+ZMClwSweKXdKXITVVqtqXnZNnszSM1bwsd5F3o= =VoV+ -----END PGP SIGNATURE-----