This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-projectpier-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 15:27:16 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9799ae98569314ab81dec1bfefe2f69aa6df4c1e * md5sum c7ca3b6092c44ac4e434025c2ff94f0f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrgdMAAoJEIXCXpWhbrlNsF0H/0X0ZTN1iJpCJpwfguYo7Lxr dQqgP+i5pdTcC3oocknZg45gqaqGc14hrJijKdYMm9CaO5DsbMXWQFBlUbvAi/fr d+JVJrt3pi3K8CawrEQJyekvLacMZxiY9hCPLbLeMUah5F9yq07uStL9r+jkHmkO 3rpHOQ62Atfi0Z9x2J0fAmRBEBX8+e0ruTXFKguSHvv2DciUKtqhh14S1Hw86GSy OhTnETAOmlM0PhFWIAYlGxMa4BI+jf+59VoQ9Twxw580YDopc4HvuZfOyDwFp1CU zKfDSgWW/kJpwhVwGggIUZThIimL77rvm8Bt93ItVwibIBUqayc3RXzQalA2ZBk= =fH2F -----END PGP SIGNATURE-----