This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-silverstripe-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 23:58:32 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum b5e8b852cf97207c3979891bd7fca28072f38611 * md5sum 9920e3c210fe6b05588e7a678fceddb1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrn8aAAoJEIXCXpWhbrlNxqkIALuY3Z9eRKfIozBJU6BoTVA7 8XfBaAcIFzs9Vz/CnjYL9Qxo4uZFZE/Y/t62HKx0ltLS0+OP5aqPRej8d82csYRf HFqwzFgL3sx3JBm2E8pKTbRkBKKdOTHJYGhu7wCjBOD6aVx87ISo1zHkfBMQF33m FLOdQkLVZOzU7lPVtAoBJhbGH1pE28TuHIk9Rnm8y7WPf4UryZFEx11Mpo8YYopK IDpyLCdPiCvQcbbEOwd6v8+9qoV9UXaLpNLx3miXM5tKSCFOa9Dh7Sjfsk7SgYIa v3r8JeiQ7jGYxp0pgv6UiFQix/gdYMcCCUXWJLlOUzMpNpowVtaPn2ASKCTwlLI= =eRoG -----END PGP SIGNATURE-----