This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-rails-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 15:44:11 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 6fa88aa6f3ab830bc1cb1c218ceace4d4b15ca84 * md5sum a34a99efde926bab11c9eb683c77bbeb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrgs/AAoJEIXCXpWhbrlNNngH/jnzxkL4lDuJK3WLT7ypp6T3 AZBFgxqA40Gp2bF6V6Vfm4EPY1NQEFZsEtatPS5gM5hNyxvaSu4qspqihvZodTIJ dOd2kDdPT+kpL5eBNuoYnESlaWE/Y6aXT2VGIqWn5w3tFGKhuDiZsDCSN15/yfFs 85zw28HQUvg+QgVFVio/DvepXu+OsQb1ch7c14pGVWDQ1mbSRnT3sXmWXT6vhmyh rYCtpaSbEg8B7FPPyX9Jb7Vmc66uIHSBHtrDChAE1lULiNSS/pEh0MQwfe06S2FL gGjE/EG37qU4BKe53OTYV6nuNf8v9bNWoLs+AYRCc/pGvMdRSMVDOpUt4n0aEX0= =JbIk -----END PGP SIGNATURE-----