This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-canvas-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 12:33:45 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9cafcdabf4307660f4aaef3a3a4b9cccf5ef9eae * md5sum b6265210d129a7fae82ca16ef4141549 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrd6VAAoJEIXCXpWhbrlNWFoH/3g/o08hZxEHUeM02lWyBrdD TRnQ1FgmK8QBn36tBadOTZ8W4voDOXj4yu8rpGASGP/BoxBtAIiI/hePhcKBeni8 T8rEeS8j48SG4TbAVlZHLALS6VywCWVplq+JPUG7ZqXd4PdABtyWXKlzSEi7YuMi 4WtUnJBe8LczoYZlDPQalSMOn68AUojN+Cs5RNRLe9FakAxywJr6bzZjHPm8+MR1 xIhFB3dV1fHSwLbOz3Oj4LvN7aGVrNrWG3EGta/UYaiXbHKooe6kQoYXT+1RLVFC olSn4xzTNUyfnovVKgjtyO9sN/+VlQTX4bBn9L8V/mdlWjjFZcmlSQD0FPSyFxo= =WF3Y -----END PGP SIGNATURE-----