This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mongodb-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 14:29:09 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4d38879abe5c55468d8bd76d88110da30e0774d3 * md5sum c3867a17e3badeb4ff914563a6e7287a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrfmsAAoJEIXCXpWhbrlNrRoIAMM24e27YlV5HqRVm8T5XOLm oKH5K/kdGrIfi2fMOErDYOXVKyMS0Z07TNCH5wGER4TZdIaSwxaWyIDS5Ds8zGSl uxAz9D0JjZGH0Osb3zn63iJ0Ss1dQZLP4sJPy6NSI93buyLnU+Wnq30rW5EzIuUn yXHSBnt4zYukPMlU6DYZQZyD8Cle1nXn31fuw3bZB2OkDUJ0IZE9/Nc+DyK5vpvk 2JgAGf152NqIkmypTBIP95RUSUsm4YVYLKLTA2TMYb9OsEQFgjla2CRHTyaO17pJ aaVybwCr/ZkYSjC+UEzpy1EJqz31RqehCdCWjyQZpWnsx89rqyCPF3YgNf2147Q= =sn7R -----END PGP SIGNATURE-----