This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-phpnuke-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 15:07:21 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 23914f530b20414f4c3378846f1a9cf4390612f8 * md5sum 5a9ac43269de1d4ee3ea3b11e677633d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrgKgAAoJEIXCXpWhbrlNjhUIAMcWHLn4rYspmcRm1G0Xro7l e15MihQ8Pt+Nm6KWKgOk443HnFs6hGPdEv5KKtOHK4iaaOPDrULwp8s8MMpAfkQK qD0OEBr9H9c9JL4qLkbxA2wGc16PSq6m7htepAuN6TXVXOKZXyY/PlAh015iuIEr FzcwXfvXj5KUmooKrjRoLEvvs5EAxO4/KNR0pN34X073OwHPGKlo2YduVgSP+gOS G3yU7wILPvBJnWOG52hRRRmvTo8+1Ti6jLSSCkpd/6YmhVciM+vNkR80WMYjSNYe KHvdCYTAmfVTotMIbPzQz19k4p/R70RoOFzPykwg/7kE6G3/qRZftdWUDOAobtE= =wMi7 -----END PGP SIGNATURE-----