This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sugarcrm-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Wed Jun 5 00:20:29 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 0e7d35b7d0dbf633de61e475cb00198ae5ad75ae * md5sum b5060df9eae6c9f756c6475380ef1c18 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRroQ/AAoJEIXCXpWhbrlNHhoIAOeUE/ZeEC4B/gXo0aFH7kC/ z+IQxSbScH235Z7mDZB6EfSJZPN/o102/DB2mPWIVkaJ7N+eQ7kTzE9S40evBdiV jMEEZvNSvl/8BqXfj69jtlqGbF9YmHTF1p1g96cq02buMNfsqjMVY/5rSwJESFFr Wflob6ZjbD5/ibcMls7DB14PVm2Izevl+Zr2phAnlrWbqA9T8m5ItoA4hTcKsTv4 bE2FSOqYDF85oLZMJhoov0VokCldOdqcckuj4J+d8H4b6/0M5yLJg0cm04qraDvQ wi0v9IUgyKXBrO2OIZzXcxRroQu+gXIIn9mtNy9d6lg5qAmA6xMRphUe/W28jYk= =AX7O -----END PGP SIGNATURE-----