This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla15-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:49:29 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 55c8b4c2a22f1e4eb4f046d468e8e83468a6871b * md5sum 6e989dc87b6902fbd56d608eafb85b3b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3W/AAoJEIXCXpWhbrlNcyMIALnqSbB4GG7Q43PvKi9nrbrH sNVPWp6YlUtci3dQy+tQDfCgpq0mQExsaPV4T7z83e+mcOkmKsmyCak2s4CPmLlJ 4pIeZv+3Fz2tK1jgBLJHFjqbmN7CEHl7Z/1IuwjhJ9Z3ZZmPFX80+n4YnSl8o7fS pInFSkrBV7Q2iBkwYBkoiPg6uczIvrq7I1qcxMrbAMS8bK/Z2ii55ApOi0br1cz6 YOX1SXhqIjeYUABE6+2SBw9zQutrWVZagECnCXqbxDL51dc6/Q0kvhUoSjhi3S8W DC3HmIua51BGST/ia6sOY2crvfwGQub+mDvwWW6U02uIxOuaxbFx5bosvNjKd7A= =xcnN -----END PGP SIGNATURE-----