This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-rails-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 10:00:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2ff643e3f5679851a67c359657a7d0baf140c8d7 * md5sum b0d12ecb7b54df091413ea529fb0f2b1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmO8AAoJEIXCXpWhbrlNe4IH/2z1TgIZkaZL2llvLigmra29 8K1M++t/z0H/J91njaW39+U4X5ZKSuwIocXGVSWSzAN7T88xd624dRcUzLRzticZ jnlGnQGxrjADxJW0M+208FlXDrgkj+F/03ugcR45IJaDYN8uEhiJNCpZKiVJF20n DFBkr0ffc15umd7v4odGIV2lgfRh8UGgKAvWV/NYANUq4EGbooyIZCKV0vloF3si paudiJakgxigq+tqM08PYLaqpTu/wLtcTCQ/ob6rNUHB+osrCsf/TOE4/u9e0Xk2 90b1bjP4PiX8s8ShHUdGlh3FADq1dscEe3JD4r9dhz1kpv1itxf3rHWloMeCe/0= =ya8b -----END PGP SIGNATURE-----