This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-collabtive-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 15:22:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c4b8627524f70ce49f70f36fe5fffc81fd854bb4 * md5sum b9b981bfbcedb73c47e17b563f24a27d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXV2OAAoJEIXCXpWhbrlNDacIALKs82YPZj+Uwt4sZJU+yFJm pONnb0F6ePjd63/xw50JZTm6M6J1rQWA5j/YGmTLhZNeW0k7FjB1/qpCIBlz5/5o OZ4nHrUYsmsa0+E37Zxl/TlJKAj42YmXU/St1jZ5US8ytzrMXa9GwfD/CKmzSPPx rGfl8l9E2KuaeHSftF7pACPZ4QhLcaPu1cs+Uh2l5W/GZRQdZXv2deFqaZ1f28Hr KQwsSaHI/9sVigAjvlpxs0ODKkqTu6lFDbSNrTU0ivOrilIKzspNsTcJW1m8gd1B Zb65iHNUgT7n4RD+2g16YkRcdLtoBXiIFkRiTKVgcgP2QbzNVqBZ54Y0fC1LfXI= =pEQB -----END PGP SIGNATURE-----