This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-phplist-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 09:36:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 61e791476c7b2e397b62ede25d17eed652158236 * md5sum c3608603108f0c0a9c128d80c5aad78a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXl4MAAoJEIXCXpWhbrlN88AH/0M26cWbz2e2KuBf/93vXnj4 L/4kzgBxC8G3StnS9AUkah+udDlo/CqsTsKdYCWSpcI64CPO7YIVbH8a0YIyvsjH 6oPKqgbphAfE2nRCfET7nSlHJHj8x26Lm1D4tGA9cB3jcN03lx4F3CGv7Ufw/B6w CzkDUDj9JR0WYTEDeaRiaFHJwDHdsPgwTS/2TPoBgiB9trX84pc58EK74wbIVbwg D92b0HDqbT1/3zHqoaJRXkPSzz34nNXqbHiQ1/hER/BYH1uJ1F0326eoju/95ttc dMP6vmz2W/3vNkFnobyihXXoB/S56pewnVOiGATQ1e8GHgav7D7SfscrSLEQYeY= =j3Q+ -----END PGP SIGNATURE-----