This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mibew-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:58:00 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum d561629cf11279e59abbc6d8cb4c5f76ab14d8de * md5sum 7f849faa61f7bfe8e0c5202ef0978632 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3e8AAoJEIXCXpWhbrlNAqsIALYYuHrXDB9G8UBc6Q5QH2T5 uGMcbfxLgirrEsxWvvUWYdBLbJo1HFdXF0S+NeVV0el03fyZooRxguZs4/fleSYO jPd7tVFmYCbhqGYyxpWZlsSkDoKJQWbI7vtbQoyjycRMFitCaNnFzJqiy6WSlukK OAYP39VltWKf0KeKE3nj6YphNcULFgkWEUNjU2EDCvii3ouCRpmVvV2Vn9uEtUJT 330ya4r9D119gaO94eZ6VZWJa7IFg9nE/Lh5+ob6e3RsQo+66LAWszSJupL2/MfR LCPeAeKZ07UKjnl1WWZMZxnIf9WuRSjnZC9SevDPPDBsV87hJPMv0iIxBQi2rBw= =vXjM -----END PGP SIGNATURE-----