This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-bambooinvoice-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 12:23:21 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d305be4016a0b8eacd44492d762755071ceb7171 * md5sum d394a46f0f1ec00236ac8bae84d0a93a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrdwyAAoJEIXCXpWhbrlNACoIAMLJ14L8eweMbk3GtXaPr106 kOAmDctgN3D4LegaEs6szpaQrJcCrlh420CHhZ6UQpSIQ2Z7LhMbPlVZ1joNfReb V2urGNtYSkY9VPltN3Ce7+EqXVxb2L9XPWoazNZlaOZ7h4dtg9fOUx9sLJcwus7+ rWBFKgNWv6ACL+xEfJVE9i/dlCGkMMC9IZ9rLVfP+oavyIoHCQUY0a1OE/w9Ya30 hBeUdYYVmCh8E0uqRCzi0Ma3FIbYswmbdkB6GVe6TgOxa+1uB7X2BSGrBbKYGQnq zYy21lnSbB8E2+BwXvmLdrgEeMOlCxIHHLC/j/sj8NRYEeCF5ebuhF5S0RQV/hg= =noZ7 -----END PGP SIGNATURE-----