This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-redmine-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 12:26:25 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 86faeb7dc72a736bcb6b5e7f63af6aa41904bd17 * md5sum eb967014807a76ffa520c4a2083e8b77 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM35fAAoJEIXCXpWhbrlNxz8IAIYiNmLcqaK+O9Cy5D55uD1D aKx9wzKFJRQ0eliymuxqQRp7kC2L8B/9ujORSlXPH17DnuKevb2poLPDiKaC0dGN j7PQLz4i9PlO0X9Fwsy6rpbTiGH/SrgAXtGRj4Ox7viJkfwz7LHG7s2aSmQBtHDZ q8d0uoSaHD48zc5fqW+O8/vSIUMZajRxfFUbiS14caScx3Tqlc5YIO3qT/zuLFbZ M07uMLT9lqo/QD0roAwPm4klL233x165Wt0xAKHUkDRinRSwLcKP17kTKlQUKRHG /omVRSzq8GZPdf3Q7R7WV99x2rccNOY62FGKkfv4tikIdwoC4IQuX5CPJkQd6DY= =NjB8 -----END PGP SIGNATURE-----