This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-fileserver-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 21:05:27 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 41bd97988d11b11d7e2b90811ba7b7defbc0c97f * md5sum e5314d4f15c22209852dc208ec917b01 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlaIAAoJEIXCXpWhbrlNV+EIAN0W7GJWp84czEua8b6896nd 6IvGxyKiPxkZUwyORNwThrj/Efmztc20hndrKq7tnuNgobcgRmw4pD8haJ8nOMqr i/+C2fejqCI+PkeJnnV3ayqte+p6tls1r6nVm7kdRSJUadX3XoBQJfXr1B+k+XWl 1D2DnFHSmeTVw/z5SqmkT9T5ZxdHyh7mhGWNOL/UFHPs/egQioBhP3r0oDLCMSak 47S8DmzsUqYsqyBuDhbhTxqTQctS6B2ZEq1IKbWTBRoS5M8jYCffZfj91SN7QhBO weTtuFbff4vpNYH2Ve9XHGS5D9BuxSzuRZMINSGyUAP4QM2QjB2rsm5avthCOuo= =aiwt -----END PGP SIGNATURE-----