This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-vtiger-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Wed Jun 5 01:05:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d844abeef314be97ef5542e86ab606e2571527bb * md5sum e02da5faef64805728a763b5125b6f75 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRro6uAAoJEIXCXpWhbrlN+7QH/1/JlYch4tpxXk/YdtxQMNAt bSp2YxcUc3TY34Iwob6UvWKEnpLPq70A74LMI2Jh0kz53rVi26i82L+PdP9HMTjy dOQ6hwZ+Jo4IjufBUl/80mDayJ993s8+x2GzrUxeR/2tBDarfMTNr8JS+KYycyzK S/imItQL4AdAX57OXrNDgmQT1FqyaAZz+SqFOpjfZ2PDe9Bd9kh0KMGsQN/Ob96L LkAnuhzSpxg2qarIxvRxn8O7UhBNOP9eUoE3AvlXIbN7iOwKEdXsNE5HQhOV3jqd GdyLlWR7qm/rjw2H5iVHhwoo20K57mFWWRmvs6/KVmL4E2cuzi3V13Kisq6Icwc= =/+DF -----END PGP SIGNATURE-----