This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-plone-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 15:24:10 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum e475201697cec4e730dc1ab5b0f161a063a5e152 * md5sum 6c1e41df05a265329dbd6557e9263c92 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrgaNAAoJEIXCXpWhbrlNycEH/jCcFNuU4WcltOqpS4dujz76 VypoEmceg8heG4Y624dVJNaekOy+qqhfMSBsyawJajEpUZlrhRJQ8FJIPPNIldrH 2K1dknCbiSjzrRnKKe9RBnaJWTNV7EhjgFqpdgvu2YLMvLJa5nJs6nBMOdsET3NJ Mv+XcOnNPh0+LBiNBWkeMPjY/0yNWZM3XQ4EWdRIvbAudrRmupgalX/8hpvmaykq 04eyoc0mNm4EKKu7QqtgmZjcDLmt9BhsN3Rhpn4xfO9JHGBeyWuwX5HCXREVDnHg wXFUapFT3h528EXsLmrCAYZVEktdZnJogTFuf1ck55P9SyQu10PgFgTgcmh3eHo= =ok64 -----END PGP SIGNATURE-----