This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-gitlab-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:46:52 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 75b5ba1f1cde33e1c0cdc158a4546d1fe2b0981f * md5sum 7a21df6563a16379564a83371b8d527c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3UZAAoJEIXCXpWhbrlNGAcIALHmKge9LCCweR+g6ndI4dgE VuFzwwe3aX95W/ybBTG/TX3Rm9UuDolwdkhXe4+o0FK+3DIFqKRmQG/mTECmeX+S sIob+m6bo6WGkNaIze5MUxgI9VI8l7JOstBPye2gtQERVqRDm5IDCT3FZlzRHk9d FGT/EvZWe7u12OA9VHfPH+Zk087QhkWMlP91lGgUXWwNYorpN5UGt/d86LnmsPRx Q+X1xqofBw1luJ9HL3mmIe3GyyYgwt4hWNfskS88fEm1fDEs5g5Sn7/iQcBfa1WY g9SkUJyjfhB1+OAjXngvGf8lik6sPYHdZrsU5onw8tsBGzW8wVGa6l7PS/CoPt0= =kR1j -----END PGP SIGNATURE-----