This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-jenkins-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:52:54 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum ca2e27bc9e3e76bce50739ffcea3215994feffb3 * md5sum 6e7d4f4bf3722651b10f1230bd2116ac You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3aGAAoJEIXCXpWhbrlN64UH/RsaNrTzKtO3vERwTqn3qjev maV3yy1l/q9ZuSBmMSZlHMjzp5rEzAUoiU4LEGFxIqEPdm+2z7ajYNUmowmWq8b7 QfMNT5QUlyXPoFEWE4W1P9lmYdWIrHvypi7vijxOC/9U7Oq73f0Kkz8FHfoUTppe 6cemzT4V99IuoKig6nFGpYnS6GHebBOGMFQFSSpqXt4+lsZzoMJWY6KFPK20JhYx cr1vq3Z2T4DEd4gR1/qkkpJ1f8DDFKdo9B0vpoCTmrSkakIQhpGUh+jXKaLMxprX rrTJq0F/FrvPr9n0Hx0y2SrG+PB7HmlNOTylOvyb9gPElgQswg4tGP6LOkzGKZg= =Wz7h -----END PGP SIGNATURE-----