This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simplemachines-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 19:19:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 957f9248a5bc06cf12590e9c25317945475ad22c * md5sum 8a7e522c294234ae950f9d265ce0f9d9 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXZVEAAoJEIXCXpWhbrlNH30IAMsK9M9UKfx7TpKQn3WYh2Zz 0kr6UCc13dFlxDr99JH7iBqyzKn+LCh2ka3qQ65rTcTCd5V57LXMW/fRPOgA+4dp IQ+QByBiE378eFdwuxwGVPj4eRQCSPFVIGvIsTJWpP4yKALEN+5gHqX2Df0NeuBm e0729L/fA2DXl+fWaycUj7LuWB7I5hyZroFsTTNf7IO725mKovdNRRPG89PT3kxn j2oYlY93TlOJNZBL4PY8haEbb3gd49bshvVvWQ7lU9z1j+rYfNH3HnuFTUZezvsQ sDN8jB0iayY7wBKX16mcn2T5PzemGeYdNl3qfQ59Tn9UxRmTaVPzfRwnWdDpRrs= =l3Rl -----END PGP SIGNATURE-----