This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-statusnet-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 12:29:34 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 70fab676771748c32877a9fc37e5ea3ba9f2a071 * md5sum 0aa6cee58cfbcbcc0b66903a1485566d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM38jAAoJEIXCXpWhbrlNMQAH/1b3eJpobKkmvcwJ1ojsoRM/ lS4i5sikJueFNLyWY02D02xV3fuWMK9waGdN8OUsKURjCi+Jr02HwOkOz5Pa1eA3 uFFcnNmaFFgtmTKVLOaa8Fer6moKAEuPDiGUx7uGpjBUvamQ6pbN0zN7n9/ingDr Yl+xwiA9ElGWmx5pb5Rf+7zY5Jg120hjXyPCBdBTQC9qybwum2euO599HqhS2Wgl UxTKiWPYeO7D3/UzE/pU9xb8wXaE4afQ6stFLAqj5FVJyqsyIpXIWWLkl9n1aIUW 53wrEanPlmp/QVoEMb2IFxZXdlC6HE1F9o+XIXimaNNS4trheOCz4Amauu08YWM= =LwFu -----END PGP SIGNATURE-----