This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-b2evolution-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 19:46:01 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum bfba7b8b31f55f4c6c2dd30d51512f12a0a3fd5d * md5sum 83cde730197e0afe980a49a9abef4f8c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkPsAAoJEIXCXpWhbrlNDUAIAKlKxkbgsFvnI1ai3LBiPODq uW/h7etLVO7XLf0+5aGcHeNj/weYp86mxeHCcstjOUpdUq50kDh1pAMPqDZkWtGq 78pnCZsY4EyhLjdOdXSMMKHGMeLhkj5fCchv3uzOewADFozF5lOPtLRMwRD6shWr akN1NRZVMI5lS4C+UMxsgBGqtyDBjaAZl7Gw6HojxOsT5GteTegTiMB5F5milnEM 2vt88VNNEQhFwj5K+6bmjI0UjBeaM0DEmoILzQiKrdC+lugUfoYO9KowsDKW7zED jy8s8lWu9wF9FufT8AI3JGUkmwAvFLcO8jMsw4g7RyXRw8GqA4AzoD96KLTY8qI= =Z/iq -----END PGP SIGNATURE-----