This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-web2py-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Wed Jun 5 01:09:29 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum f76318fb8fe9015ecd9c48aceebd296ac57cb4cc * md5sum 75686a0eb3a25fce9755ebda181a0c38 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRro+7AAoJEIXCXpWhbrlNLbAH/0olUi9kl3p8bU//8Ca1mJrh 1ruRm9zR6cO48YxO8zpUimq/IaWloGdWccBVAGnsDpiRYL0arxYtDza0MePuoyNI 8gi3KzvxeamPMCfhAAhSbNlFnG+7B6hsElVufrBvgyC23FWOhLv8pl31TEICQQLC JVEtvrNyjouRh+s20Blr0f3QOzmtx5AnMf0KWUrkzfHXI4eXqmJNx67hj7iumpwH H7wmLcF8S9EG/92ZShZebsRfMMyZLcf1f1FAARuSro/j1aNChcy88h0eA39Zfe+Q r7h6FMbFkDnfHMTHBEMK7ncxLmVjNuWiHFZjr7PETS7sZGTloMnwyhUffrzHYP8= =UzO+ -----END PGP SIGNATURE-----