This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sitracker-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 12:26:56 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 9ff195887e3553116b8efefda014144dd5de515d * md5sum b4fd40be3c48aaf85cd577e6b7d3ed0c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM36FAAoJEIXCXpWhbrlNuyIIANLwWhjjdtLEfSxmj/mEW9Iy b4GE7xRo/gkn92fS7GG9TzqFq4pbYd32rBZbzjNCC8ouDQjwQztM8gKKgb+nqKWY dTbjRVxW7Eug0n45W/IZ/OFm6Lgay8aZCl87+iVEIYSVPfYBg/4jMnsb52nyP0cX wlSPW9reNKeyDYjGhvMSkCFMFHijpoQwqOBO3ggz1yzVoXSYW9SL14cgQuzZ5ZQx jEKq992w1ZIPNHTh3lOBk9EQEUPOht6kY2QLcOU7kNZnGDBpv/VT7MxJBPncSoU3 Skoqh8WlaRAbv/EZz8Gzqi6gGpRRsV92tjXGoMfatbiobkWCC6ZqYF//WcUYsV0= =KUii -----END PGP SIGNATURE-----