This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-processmaker-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 18:09:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 895ab41ff5f9268b2a8c7b6ff8c7139bf2edf24d * md5sum 771311f95cbd5de7d70826f9b29bfdaa You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYSyAAoJEIXCXpWhbrlNo4QIAJf8RJrCXMRis0Wn8+0Ao6pd KAfH7ADqE76Z+hPwWBD7KVrjfMwb1HMQ5AlANUkyMtJGX4SjlUA6XuCxPkBevMgf Qv/eE6CIs33tcsdTtM+F6NzKo55SjxzAbCadWw1iz4MF9eBjvoUWEPM3u3z3BCfD drCAP+ohzwwL2yKWuUflQTSaxEkmEKTfRJhlnI9HoJmUckM7trgZh/PEwCoFYSWS PaIpryr+tAFS3WYGK6Kk+Tpe5E+CH56toLf4/5eAf/PeZgk0IrZUb9BFOnvY61pi vJn97Ddf6wZAMW2w/5wCh68Fqu6UjjH5oK1LeuACcJBR+jOLIIQuZsMVa1/WHRU= =C+lx -----END PGP SIGNATURE-----