This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mibew-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 11:58:14 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum ec2cd04bc5eca0f7fa67aa9d77f8b92520b67107 * md5sum d58d9a027f6441f0eee696294a167866 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3fIAAoJEIXCXpWhbrlNEW0IALLcWEnZ9+qXwWBzMNlmLMkW UmSN7fyyqAkMg+8y22Wti6Ns2AriuNJj1xl6AYUgCwD6B5w5pOZ9R1DbPlrgraWB VcpZxMhkuNZkC9Y5aJoi8vkSlC+QpYVDownId4EFyFJnITdfQ63bfkmWv3RcVC3J AaBkzAUzHtTguaD7fSOsEMKMwqHg1ruTkHvVH8yRIsAyP0uIdRpSFE37zhXiEZMP WX4Ev2+ZBVRj5QYonIQBkn8m28HE5fDnJZ6FOWvwu1LMvTyTRZHDza5BEnDcgzDx sqKHw7slwZNjE7Dov0/dH+F4UYxJGkqqMUVlArj+dWq4DF53s8dU1zp3r6Ai/Iw= =2avx -----END PGP SIGNATURE-----