This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lighttpd-php-fastcgi-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:51:13 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 333a9aa3fa16e9ab745fc81a996f48891dd39361 * md5sum afc26d23167c21a25e8c901e4fc893ac You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3YmAAoJEIXCXpWhbrlNfHYH/2om8B3MaALmbXpfUhNnhyQd lnK4tWhKmfTs0LGr5e+LNuIuMz5kMnut2gP91nQ2tvfdaLLymdqk0J7c4JxSqWZq A7NJ/COnDCPn4mg3OWw87SQuS3yuln/hfDUXropV8Dvs5axrrD3kj6AQdyaQHPUd 73tlAowqk2ZQMVqPDP2joFliHiqcA1Ip4oEkUJKhgNBRrKg9gcFEySxwZTsQCZZP cKM+9FZUO2IhwYkNlLIKiqVtCqP02D8QDqeA8YwlNnxcD9wCiQxRH4Rc7s0OLu+p mhFO3AeAvecY0ioJqQMNTuSq59Cqci5AG3UR4+70fTOp4p4PB+wnrKXo+SJ3wNw= =9g+4 -----END PGP SIGNATURE-----