This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-simpleinvoices-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 12:25:14 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum d8e8de0e85202dbd094e5d559bfd91343a487d2a * md5sum 760768d78716d24305e978969f4d61bb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM34fAAoJEIXCXpWhbrlNCtUIAJn7NyIVFZV6YfIc67an37E0 gUWFzpCpVvkYX709dichnEF0I7h7tv6bW6MaBBOQcrKS2tu+982UrxbSPSPTLVrg ur7EzNqqZcFVFJP3hHvvB5AUWALu6snb6p1ySr4S9Eqq2ihFLO3XuIoikEQj2I3S R/Qd2JezF251eyRkSSCxvolSJy/v+nsbRoAbpvGKw1M9AA9avr9fuvOC1RBFYXdN oQ8we6zjQ2e8OsUNnq9ApijHpIyt65a7/M2nDt5AK4HWF3TWyslUJCm0VwEXGY9g krDY1DZv48ir8dgrIfUmeF17nj9u7XU1Qk+Dg4PptOnxdv1/3/1Xw/WUxO/0In8= =oztJ -----END PGP SIGNATURE-----