This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-appflower-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 19:46:16 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 32fbb39437ee4a09725467c63c535c8fd1c909be * md5sum 0f1fc80f71c8f06f3f902655a015e482 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkP5AAoJEIXCXpWhbrlNOHAIAJleBci0hRG1UWiQgMsMDSJp /Vu2nSvc03ZUmaPOdV230aQGOlZL46KU6R2ktsK19OwwMLy6dWSIemQRm1SrkNv9 dLLLjG+tdhmbjqIvBwgYy+6iDahVlQ22J9zP8VZTsvPIAgBMFNZWKVpxjgZg8W77 xlwzxtMIYXgZLMGQDcXwYR4zoaTwDP+Y3DcaefsE4R3Vd7QKcX97PTAZt3dPFtam 6plIs2juDyEQUq3Vb8KBSaogSov/KYzutVsIhGE46ARGyrNsz11uki5/vSo1cwZu G/6Ib8zt0MNlHfhqXKLlIL/BN4KWpY1tw8lt/M1rg/p8ro9QZ2Ww14XNzGVWFTU= =bOpB -----END PGP SIGNATURE-----