This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-moinmoin-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 14:12:04 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7e4be2fe5a3e2694c1f82ce26ff12b6b30ab8a31 * md5sum 950bd03ddb08d7c45f35d1e0f6a2f3de You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrfWsAAoJEIXCXpWhbrlNlHEIAIeZ9oDmj5dIfLebZFYWqCRw wvR7KPdk5+5wJQJfIsohDoO8z3iXtwLLqgAIPtlo1OdcgK+MtQNrBiAnehIFPRXW hREnMOydHHDgGLOoWR9IbRsHeIqwuhaaU88i/7uqFNa8egJoTGl3JWhxvkqeFSQy CIaFtSr3qJ9E0ZekTiRPxcUUGKmbXpyrCly16ERRTXM5PuqfShCidP/8rK8VXlYw F6zLv2sG9L8J+3fZQWF+ARR/EjRRlb1lulB9IUWALbVC+bEbGS2Y6O1YGYtnh+9w yOw7hI7gjPf3NNIF6xHjM/kktV/R04sG0mPlRoSMeLVyLksfZSuhmdb8M2fUNpA= =G4JE -----END PGP SIGNATURE-----