This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-drupal7-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 08:11:19 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9f25ae44c8914b83128551811732d82a1146155e * md5sum 9e300603af398bab98dd9c698c99b29c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkodAAoJEIXCXpWhbrlNENsH/1v0u29NBbyNjKcZA20Ctuzl vArV64DVPRcaAWS/zpOv8NuTovneosYUJ1u+NWK7YY59+T+hKjYlWyjZw9qV1npy FZpf10PWEu139jibADqT5xMLdlqauNX4v56bt9jrY1Sb/YkUia+9bRXmqU5MrWSU PFyP3si/cJTTVx4vd1UUxdvjIaTOGlSYQFQdYC/RPQNvbUEbCPAbM1g/LTCrfPEn 6WLU4B8hOSeZZfBm+a3F1E8vEtrCuGvZNOMc5bbBd+coxqQRzjYZ0nZMZ1i0WTVl J09mPdtRjnPUSlWttXoxYp4lWtESYLi/fnWSx4OVTCGQAenLHdbD4ikRLe0T6qc= =RBVt -----END PGP SIGNATURE-----