This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-etherpad-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 08:39:16 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 04fab77949da3d2310515ae94756337d11015fbd * md5sum 85eab82f9ea38bbd7f7602c50214426e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlCpAAoJEIXCXpWhbrlNZTEH/07gaSD2yMZKsHqul2/i8TcD jHDy0UGyQ7BbAD7UVev5mkhjCM9yZdWn9DvDKTmaSKorJ3SpgCBfFLOlocIwhNoK BYCgAGBEv76PpUd1OoXoLRqpaCVrGyftSyYgv1cksqs4S2A1hETla41QsB4Buuuy fxsk0POb1qrx3EeNzmW3QD6vUITsBtNwW1JM9v+J8FissHcMiKcrzEMrgnuVzCGl EDTgVlS87I+xSfBIdzrZUVc5PzAMZv2L/b+3uDvDcLyWbnsV6vIjlOKskcpRIGLt 1mr2ksSXO85Wxt9coLOEYtxdt3vkceCXFh5PLuDSwSmcEVVpR73QH1fJAC22mbA= =qEtE -----END PGP SIGNATURE-----