This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simplemachines-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 15:55:35 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ddbd79f2bddda74a8b953c2d95c94b7901147985 * md5sum 12e5cc073605a9410434558296dc3f5b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrg3sAAoJEIXCXpWhbrlNY9kH/1dsajZdY46/Mtz/Dst7omHv w15JrnmagyyfihGNpUs91zumiHC/ohcmOhjebSiwW60c5R2RKR4wgT7r0lt9obGa BOoT5tlzlOjNnPeF5Y4/i+5wYKb3kCHbIQc8BzCTvk6P76lREH+8Cosb9j9CkkK2 8ZEfTOvc78/JlITmoP3G4I64srZA8zHdsylrloWNZJUxlHQ2ONW1CQEUpt9n4Ih6 M0xC2DYvSyv7JHNiDa9X/N/RzCsV8TfEp7vWWmLuQz/6VVd6sRSY2D3QBbKUKTUJ q9Lo45Iw0XqJNPPZGEJdldEHoEUhyXlM6WckloBl9rY3/cxWfNrKZOYV2rcFWeg= =DkRU -----END PGP SIGNATURE-----