This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-wordpress-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Wed Jun 5 01:11:41 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3f28689904c4832426094aeb21c7c1ff7ec9f6ec * md5sum 4a98e6772405cbdb00b7ba079710bc69 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrpBBAAoJEIXCXpWhbrlNXyIIAJR3nXKM6ZEMmH55sZcTMZd0 msgSDQEQF53HL7Js2Adnvs7mxup+nH6vkdy8OMYqBa7tZdbcas6w1qUst73tJgZI 4oduz+6jh2PwqYxUiIo01E9XV1JW3ud1HHweQ/0VCMqNWthkVtdYHaWU+AVR9uHy VnXS/yiU+Np3xlWc8yje+Q3DjL5ZrqAdKmpicpIkL2yDhghKtuxBBKl/xn/xAL4y CDlTr3cu+ClZrhc9j96peXFyjsfyb89CF13dgP+Asbs1K7mx9i18uLDo1cgCuL1O gos0q3XbPk3N1maL0Bdv5mxVvyc8TQ9+lW4sg1JN30jPnj9bhx28AkIwqZ2MUrc= =gRHA -----END PGP SIGNATURE-----