This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mibew-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 14:11:13 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5db6b5e71c5a5f33df552bb57010e2511ea19c56 * md5sum 20c9b0281fcc4324f555d913f555fe29 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrfV2AAoJEIXCXpWhbrlNRXoH/AnOqpzdZx4Qflww/MtISYTA bRSsHBAYscrQB41xMesk0tKwp12Nzv+cgtYs667xbZV0ANKKZtbC4xry9mY43a9h z1ztugwL0h0RPxEuydOu74ODEa638leR33Wl99oJ/Qad+Y2yLfhyxv69YU4r9R51 uDdS+8XUr8k3u0JAvnFIkpfdlbmD9cPLCW+c9H9s7ZWJLs0+rm6FPsQpzvWa+SPg fnIieA7eJMXrTqB93cMB0iisIs0j5AD0RV0MTTfOUAHJ7vSNbtsVCNnrEHEyr7Vf /dbgQJ7V1miFZwdjP4Le+vVYhqG3Qn4nTdkrAQFGMBmGZu3OWOKJolZ2ALQ0pMI= =s5Ts -----END PGP SIGNATURE-----