This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-plone-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 18:05:44 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum fbad61dd1d593c71ce122c6cc3851277ada5970e * md5sum 78fc29a4f5b1dde93adf1655120a0037 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYPpAAoJEIXCXpWhbrlN4dUIAKEivalSrsB0yqElrkio7FjB YysDJc4H4oUF8X7PEHesF41DnsQJzGjYpckj4dT7rt/FlIPg31iyDqJz1K14D7rz 3Z41lK+vtiaUCm/+KSFVYmPgQ0OP1sTHArpAStTIB3aMx7O/70jciY2gHdP+NWhl /l+meZQ5aJsT97Ofgik1JObGuzVXkcoKJ/cv/urwGthvnHblGce3CKIxJAek/iFy ZbNpXTXxSwfhK/vFXVKeDaUfBoxTAmvuWj81U8U2x2MQyqTeMrBGSORY5gplrgJH DAq1yQSHVKfstzniPQV/K0yUQVKPiVP4BcWeXvrkvMnNoXnBeBK0C23snqtSp7w= =im2v -----END PGP SIGNATURE-----