This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ezpublish-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 15:56:01 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 80a3fe404668f875ee37c0c1ec809cef7f8fff12 * md5sum 2fcc84152b1f88bda3e7eded8c8dda00 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWWEAAoJEIXCXpWhbrlNkwgH/iKNuu8IQ7lcx9E+xAOVK4by HPQz/EISXPPKF8dEVE4JNtN0mBY+wTPose6pTEchFTIDcJ0xerFJEiTo4VmIaZ5I cjLwCj0GVS3yZrGW3Zdz91oYkhcCjKkxi8TZkeIla+ByTgpY7mKJtXh578CJ6vX9 DrryR0UgxLrcnuaqHy+wxTfAFKGokkaOrN6sT0pUuN4t/xdugaTukIbsBH+1Q2x2 RjPJMfIv8y1aOT1vlpX7cUPZ8g9ANIakrO/HGcDDx2/oJcht2pNg9GRiqFfqai3e 76vz7DnzLyalCG3TRGXzWvwYgpMEHGMWpVoBrmrNA0UW0MNqyyWaUrfr+3Pup2M= =JWZw -----END PGP SIGNATURE-----