This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-wordpress-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Wed Jun 5 01:11:54 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5ec26a970315fd5f402355d68d6dcbb200e3113e * md5sum c508c92a6884f403c8d5ef0dedd0b836 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrpBNAAoJEIXCXpWhbrlN5pIH/jR1iwfwQdRSByVz285wmpGy MZLA/NC2IanhA6CJrwCSNr5+/SyQOUYKuKXy4VqUB8l926gz/gRrGTXTKaevOaoa ViPM+oHfmuXU7Dq1NqHgEEYrecCXaSL0AWHIeONm8Tzpoda7tL99zCquzrsxff6I FfeaC9y/1PgDcAobuEBlG+8xAYp8dxu1xu+Ab8PRzAmM14QzVDxjHCkZ3PuwFN9o Y6+M4ZKF1nL5vy5KK1KO491h1zQlcNXhWRLV+d7qqOetzlXwAdbg3FEZQLzPJuOv XYevm68AP12eVudIQikStdeVMjBpezO6HTQiRTwg5AbHINZOtz5j0fzIjNEOx7o= =5jC7 -----END PGP SIGNATURE-----