This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-twiki-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Wed Jun 5 00:47:17 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 710ca4088355cecd5e9b7ce92875a1f7e5b7e1e0 * md5sum f24d10d313f9cc54283b6a7640ec4f7f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRroqLAAoJEIXCXpWhbrlN8P4IAIY1ZQpRDT/eOQr1gM2gsora 8ykekrNUqS98JjGopyv0waZ3CBavM0bGbvbswDWBd3sZiawlwL3CK6KJkBvi15WK qjM2T8U1JcAIItYccHpd1OeZ9Vm+p3H2oPjTIzj51QqU1TmvwZcVL6YysGfaw/To h+UeCm7tzTghLwFZiGIEAw2ItXr34DFlPdTwD4aKrPpHeCk4lGAlqN/w1tPcKcXK fg9xF5RFw/6t05xuHAProSrMJv9Modumm98g8+uYczpxut6xnI9x56wx72KdZPZD e6dLzK4H1JH0N94j18jR9eluyYEnyrhxJivHqxASPT9huK4zJtMXOTHDJYv7f8Y= =+yuA -----END PGP SIGNATURE-----