This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ejabberd-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 15:43:59 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 291e47a21dc4e9c8155fe4952111670b844b9bd2 * md5sum 35d82895e1292121e860bdc5972768ac You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWK2AAoJEIXCXpWhbrlNHKYIAIUEt/iT1NwZPugdVG6gPqNa G23JummxXz/gLz+/UbV3oe+28o76G9Eqj7SAAQ0VOYeiGe/ET4VG1aJz91Cm8v3/ yHaMgBzMToBm/qI1528A9j1zsG5dkUC8LLLcf6h4QvPS1Flnbbc/+xzkBVnvc9z+ ByfjFVOzNo2HUdvfxsLQ+vMAhgnQeldnadxl9AOvnSGP0bAyAKDM4Z6lq8SF1ra3 D9lYNJu/hyRuR6nXTeXnIfAENwFR6Lvgm2xCKRLs7KRLDAuVo/DFOyUsOKaCn73d cReffYM+Z6WwW3JyoKl0CKnNJ/sYKA/5DVBpAj2BaHxcKFy86k3natsZQ3IkUnE= =KXQ0 -----END PGP SIGNATURE-----