This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-gallery-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 15:55:23 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum b1a42f1c95393823c52486d948cc7361f3867b3e * md5sum 6e4e8da64a3c07c728315077749a344b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWVfAAoJEIXCXpWhbrlNSYwIAJxHpKREoM8aJ1HET6AOFOyJ d0mubnPItS5GvETxGCVHnqU3jKAfc4Wbvks+7bu/uuRpu7+zXe/ZU/U/Z6+84VBk kq5K+6Js1mnwf4T1YaPwM0aysgXMEQDL0XTBQbdferiE2O4Kb+sS2+kUjhtTnzzg QRkQ9+8Z7auT+Qb5C3IlIGVunFfe3F85qT3gnOdiVj9wVTxP14X91RmIWq/uepWh uz4AOhB7P2lUHBVl3tM08wpCQmdtq7z+3o865SACJ2HiTOcR8R5mShHDASxhDhN9 uC3lk1m04yRzt0ZZQBjMwbpvBimIgEALZ6w+thfdKn6/DWkppIZGpSrjz3MlTEI= =L6IF -----END PGP SIGNATURE-----