This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-nodejs-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 14:34:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 8d3624732f8cfc7730b35c77ee69e67b68baffbe * md5sum 31282603540ed47600ff5778818b0fac You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrfrlAAoJEIXCXpWhbrlNYoEH/AkemDKegysIENUvngphALMx gjIvkpXiHy38Q3RZwyHR/L1yqeRMb28mvhVveYTxUGV83zTWy8bg+Vngt0NH836h iY9EpYCGgNWuL5MqNwwr8EICCzoRmkhxg5rnnn1cYgh3Dtf9UOq0vc4W6cryVk1U hp+LRWnauB6yjUpv25P+3HXfx/u9xPm1hxdLEFtCq20AprwWiMKFJuQ+brFxbq0r NokOn/wVc8aqX7cASfCBlxZdvJt1vE4O5Gm/vWnoGNUYAaUyS4/MKILjC+M7VHjh 2vzT8EhJ4FSUUXpQbkTRAKsqdZsRv1Z+MRgtynV/w8JgJ9xKh52BEICCC1/YIKQ= =WIY8 -----END PGP SIGNATURE-----