This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-gallery-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:43:25 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum fe8ce9efb7b521dc7cb623d356d683cc737bc554 * md5sum 26adfda1a91f6440f6cb4fab80ce4881 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3RSAAoJEIXCXpWhbrlNiO8H/RoiHcB49Z72aObKkZhbsYIZ FtOH0OZfRyfYfoV6lBquz27H95Z+FBgG06eSY7z+xLKahicWFaWK4Ov1nkLP+Bp+ qotCcx8fJT7/zD4qP7k3pl031+KI9egUWD0yTBgy+awzCzyS7TDanF9iAPEPjh9D LbZgNMrHc4lwRH+fnV3/dHGeXGw7qzGXc7vanKMYiMK+QR/hLcvzGyFCPrSvDHZb s3W2omnCJlsTFF7A8ageGu4bla9aFUvbNx0S12ur/XgtLJJwaWkYK7eDXBhIWE2D gHNBQ1QL/kMhSJL90/0QPlVE0flY7Y8dhU9D/bN4TSfDlXNgHMLy8dBtel0pbLA= =Ot/M -----END PGP SIGNATURE-----