This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-oscommerce-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 14:53:20 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0fdbe895424eec2259514d0b66345644f90933eb * md5sum 7ebc561a23d79b0d2449b372b092302e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrf9YAAoJEIXCXpWhbrlNnnQH/2x1D3yi/wAyZwSeqRIkYxGC ARwhCh59wevWT3uiRbWzmodNM6vl/zMadXuwB3hdtYn+6Ne/ug2sNqgMdukXXo+o 8O5Bu2s91fnpSvwWlj+6iCpaDhHSV3NbZXjb1fGe14aHe6Bao1vxN69DjzFh7xgb 1RWIhosfKgdC1IzS8/rpd5rXW6kY4sWZ8X/JAH9WuvqXzeAyoiA3fH7VLG4bHwZN 5LO5hW2p/veqzQ5EG7fOnmejKwDPnEvIm9zRXlAeYAkxh6lvQR4ltx/zDTP14iFb c+U8L43/8yTQXOtvHP00KeL7nZv9XG143UrMZoLYtnE34qMacj3WjQIY6oodE4I= =cpTj -----END PGP SIGNATURE-----