This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-pligg-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 12:13:37 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 19981f99628d69c957d6c6fbfe2fe4e9877621a8 * md5sum b121a7856894326e40115ef03010e4c1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3tmAAoJEIXCXpWhbrlNE5IIAIK0Aryzq8Itr/tBOai79slh GanFaZPm09JEWRopxQ+IcCaJS8BcAu9G3Ge6CBH/QzE6AiHTKoteij/phoOeeMZh QpP9uoUuJPD+boDxfJEuBHDk0dhOxxsPQW/t2GA2vyTB0BFoRYSAVZTHiNnCt31e hVTrRo6k5y4FvYa9/jC8XosNb/2b1iCD7yTJAF3H0SWyFhohlJyQU62CJzaOZADI XLgm3dv+gkXd3f2UqHEiGVLQUmxynfNcP/+Cevawy8kE2KmzXb7y4Ju3wzwvi7El PqONVvyWqb05BGgZsX53XZ52Jbr/RBABG8Lh3q0OUZ+5WtCj3nkQO43wi6eRL4s= =Gv4z -----END PGP SIGNATURE-----