This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-deki-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 20:28:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 6821e0286e751c5624f63d4bf17d025dcdcdd9ea * md5sum 805f496b61f5697358fe4ff39782b106 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrk3SAAoJEIXCXpWhbrlNaLoH/ivZ7d6B95Tk8hPmdd/OKXag T8YD8TEvtvqBQi3kmq2UQgfjdnhBjZclozF2OYoZ6nW8s81gX8C6x454hcw/6lLZ 9fay/eChwrK4+0IOR5KeBb70OYdoOMGATz2Zds24FtwgUQHAz59rO3mKe8ut0q4l P5T0XvckAjBIw9IcwgDLKERZtd5UcWYCCcOabhL2MlzDPjiEkR85vA4ktq/aoQTV fTwngOa2lFE09kTfMVTSRJTiToiFA9motw5DC8gQhCtKF5epWkv3gdx0V8trcYQz 27yzM3IT2bILpT6LwtU5Iyc/IdZP/RXj73gLqvqQ5qyKC4XLeyKjvCkcUiyoWU4= =OayH -----END PGP SIGNATURE-----