This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-revision-control-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 15:44:18 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4f57826d1fe8989ccf33cf89466bde8d84fab6c4 * md5sum e8bda0db9eb663f4c5f3a80140610d22 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrgtLAAoJEIXCXpWhbrlNygQIANOCYwI61jrHizb66faBUNFb NA+lt6PyKj3mPlmeFDBtl4Qnom/LybBn4movVevMNb0c3sLd5AxyqDI6NhWde4qO g8dtIDoMbIgfVIZdHkDRMCTfaONKqLAELCCkMM13FpU7DKHt7hBAk+Yuvqzt+dCM gTzDmt+ZC1eM9zYLMb9Wons2ABXEpnN6jAGebX/JIST5X1cNgLMM23PSOXGKUZ4X 5bJK/0NomTv/nz4DISskV8fWsBeFak8PwyxEHZ8bH/cYeGZRAyugkcKYDp2FqSPh /pQexY5bmlmG2OvLZx4vEmvQ0ZPBjrFb27yDvjEsY01h+RZoj0MMBQDzyvcp8fo= =KCQ2 -----END PGP SIGNATURE-----