This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-jenkins-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 11:53:13 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum d967fe31881ec6ba19634bb4a2946dad5fa647ef * md5sum 751761b1d3642a461d46c1879615e63d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3aWAAoJEIXCXpWhbrlNPBUIAI8Wepwy0ai5lJWd+FwGm48e HnjizpKaGOja/Ixu9m/kX+f02W97ELvGsXPRFOpyaHJCv0iozLae3Kpr55XZfZTg mibnt/9VYBwaa/rudVSc2LpvpvnCFQNm4PZ9A5wvezZqPb94sRirTSx7v+f2+WyQ UF98swZZU938dprKnHoHzJz+oB2cv7ERNiXF/CVco0EKBWKQXUpUiC+TkUIc0los VS25b2UIFCScHMbk/S1kYy1ttB4TEj5tfl2zVekGgW1sHhA7KBxMagvEB5hi34dt MmQCQ3rv1DRCJg1qYjgOcoPF3EA/XYFL8X5fTt/OVScYCfDsYgYBfuGzuKV1Klg= =pIiC -----END PGP SIGNATURE-----