This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomatocart-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 19:29:14 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum a9dda84a29d842a5ceba9ca7857ff41fd6dcfae0 * md5sum 7477eaee2ef5a3c969a73d12d512753b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXZeAAAoJEIXCXpWhbrlNr+EIAKc2N9yhbqYvEAJqGZ4UWBZw sMipnf7PIIwXtTOdTnIa5eWsPMeJXgXpBDa6ZPOkEgK112GvQ2hMOGYePRouzt7Y QlmLXfUvOSsertZ4WA8ud0Kl+YzAPfmx82ly+/+bQYkeS79qAgQjIBbD/LS4SBwS yyH4Fjr1CCE8MqJtg6/stY0sf0zahIYqH5GKusqZUDsmYumyuJNHIDKMFsrstUrC A2Z/5RZm6QK+nyI7vVWl6fOsQ0UvoJ30EP81OSjhcb9BDWB/qreoSZrEA+btUbxN Nwcu0NXbEoMYW3TKQkY9Wt5XFoLLqapHXYDr1zs0zRBLpAeZIGSF/MoOIX0IDeo= =5+DN -----END PGP SIGNATURE-----