This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-symfony-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Wed Jun 5 00:28:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum f2629574a504bab447d1212a01b242d5ae6dab19 * md5sum 88c887fb90aa8b85941981ee6afe15a8 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRroYYAAoJEIXCXpWhbrlNsisIAMutgFK77IsR6Nf/BXf7XJX4 p9rBZQfTGHzDJzEh1WAsqi1S7Kinn2dLxWp6d70go2SQDy93H/GNKy8E3xmbscUy RkjZSfZYeBqdlSRpXCuT4a5Q/bkzLmY6csD/y1/wU45CKbA0Iv/xEEj8j9pug0Ms MoHCyrrtrx9UE6Y8hXUeCbqZAWhffQXmWUT44QVxHzRbbQDtXbG/LR8o9CdEV0Yy Hpp0FiV6WA1LyYxRcOrdyBIhYiMJxdDmz9l6xosnyV7qDOBZIk/Kas5/qazNrA0p jrcnftdAqxMW5n4alVXMW4QSH5tQPXelkvcCSo4kcU5vnR3hIEQesUFVA7SYrJc= =7sPO -----END PGP SIGNATURE-----