This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-asp-net-apache-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 14:50:32 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum fd58847d6eebb5f99379aacb02e1b6a87ae9d67d * md5sum 957d9f829e5cf7729624b3489b8d7d38 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXVYuAAoJEIXCXpWhbrlNA9MH/3MrwAAm9wV9ohGSAbJsuT2l xKZsV3WOKwP3ytMvpGxPRekMmSVLQnnW+/71cI6VFA5soTWfjLPCncuQzXH+bEBB X/zojbG+LTeX0+OWDq1YXZxKZjslqEM8+2J1+g722JOJu2kyMur9n12/YST7da0j L4aFn0wlKhh7GXKkOYQu2bvZ0WnhfTzS9Xm7O6oQTSPo5/sDq/Tfuvd9kC3LyJ0D aL+RtOw7b8VmGbatz7VL8PdTRU+g0MSwkjinOPCJIjn62E0a757yHL+UFTkDPghx kwnTDkFw0RnUi36AT04pdPkUNgC7SKsjdzMO+/RUyYmi9xnr5s6RaRbczJ80/wE= =dPez -----END PGP SIGNATURE-----