This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sahana-eden-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 23:53:40 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 97b29575bee184e0179af0dfb9b7645451d16c47 * md5sum d8dd869e211afcc5629d08667001ce6f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrn3xAAoJEIXCXpWhbrlNXp8H/0Mn+uoLRoqHH8K/4LQ5dQr1 r2a7AnQvmMHB7QDIfMB59mlDq7ygJgwNQF3BY5f6k+QcBNehu/m6vyqoj1HV1HcU aY0k+7A19polKHmoFYOptdWcOpn26nVHQBDhPoqZ/yl6hbIhh+GBE6COzaYAdR64 s2EoRzEDdK7D7KybjOuhD6FYG7NwviXZP2ra/MSp9bwDFcUC/vb8iynQ8UUnrBsZ xyFS8lF2+yy+g6Ds9Bww+VHF8A8/6200GBjzF8i7Ni1tGvVgIGqNgvt4OOG5izaT +eaIINePUS+gUIWLUPEwkw6UosRnXiXUm+bpRJyb3TwEouVYjDXCGgsJCbZ1sY4= =Z0qK -----END PGP SIGNATURE-----