This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-gallery-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 21:06:21 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 6a12c251fe740ed1d8c73e14c6caef5b097aa71e * md5sum cfa85244286822f9e4d3b389467031d5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrla/AAoJEIXCXpWhbrlNpCMIANZ53wPtbfJMGYs1XsMrwx1n +bW/X22pn3q4h+s5U9YyWZhYkhlCXa8AM2tEx7yi5QCibMLlm7FUzp8R6cmv6lkx 0jLP8RnQQknKR76IMipu+BZlCEKNQjo7xa8nyLGjYtubQ5xNUwmTNnJZ1DaaRW0P VJs4OOn9wS6QeOy/ICWB7KF6bj1HEWljExLBMIk69qf1DB0vAKJybXkkBCNCvEE4 /Bc1vIfqmVSt0GFcj53mSX5HLfZVt9qZON9jpg6VcX0CkWhy1/HeBfvKnc/Lj+dY Xx4cVnCRzCQLgZsvSH+4D2HTKyXNeb9td21CpZYXYqcUIZEeLRLuGodtzke+J6I= =C8uM -----END PGP SIGNATURE-----