This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-projectpier-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 15:27:08 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 65c53917e187bb69efd23f89f08341ab2c6402e7 * md5sum 810524f1594ec2344780f837d9ab6274 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrgdEAAoJEIXCXpWhbrlNAE4H/j2Lew1vL9flw80IbwYUFAfz yklTp19H9nh6+a5MDxBEjr52rrHuUkgaj8xts20/6cp7hXMU6N/XLvkYy9U1yLgZ WdnAMQYXo9tISCtmPdcF2A5wUu4ApwXvxGnIv2A/K4dOtqH6gf+U55BsPk0ONMDH umZNZgzZ+gs8tlEQJQfBkxTqBEzehPSLdoTtyojz1fanmVJgrWnhW+aGaPDudn0e jc3ySp+y9G41iyqslyubWWEj5zoYeHRaNrb3CNsZZAKyFb/1S4HWNE6y51JcWjtR LcoK2sfRBmwnIv1tTa73i6N6GKVnnLUab7AZmdo3BbO3DIHHSlxIpEO9gCMBKx8= =orY7 -----END PGP SIGNATURE-----