This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-domain-controller-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 15:34:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 110c77d2c97c0819e2ef385be2d55c9019bb3bb2 * md5sum 75647825b04d474742fe63266417ace6 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWBeAAoJEIXCXpWhbrlN4dgH/3gLZOamLtDPTfsSy4SVkC4R wcz30IDBCDQdLl6z0hgCcQRLha680vLMAsJMk85BA88C0P4d6y7FREZCKapOTN9T 0Ul1UI4576301xGnBNrmZaua2yWlJ55nBO6AKm4E/QYEhTeAdzK4b8uwvLgnVNER H1pvWZFG0Biv5n0Nnx2eNDay+wLDy47l6/t+73aDKdE75ilTYPf2OwOLsUiXSLxg zDc5aAd4eHjW+XKjKvJ0Zdu5BFeygpnyUujr/Dzaulrt+HTXKcxfvg5D0UqdlSEp GPVmE83bM4e6SDJyLT/Y6jCgOLvLGYM5YATHPK3Z9ZB9pZiiM68NNMoyQY8/cyI= =qFhB -----END PGP SIGNATURE-----