This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla15-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Wed Oct 16 07:19:56 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2484478d046bb467145e6ef97d3129be93f4f104 * md5sum 979b17132bebb4d9a12af2d091b26022 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXj4OAAoJEIXCXpWhbrlNB1oH/2hbpXfxdir3qJiGiJGu3w5S aLtYK6rTjk+1bttYJ3riVoVl4yNYxr5I6STO0tHaQBif5vQkVXgxVO+1sZ9jHTCN Ea/O8Gi4nvcN3oPgDkIXkajqtU/+3SSdjCFSzUtsA01m2fUpvhGBFp9+qakJU7Ou XouUqXBYA6wwJ4D28EIoL96tj8sPetW4DCMxED2T1JMu8bffuIsTmTd2ASuSKn1r rc7uhaRKttNEUbZEpOcsEYSJxH6ZQaY3ab3z5rEepGL5gAu5Ag+t2zB4cfwIPKJ5 YcYY83xuUB/6I/0h36TyUncTVwnCvnHg6GMH4qGDWoz8g/QWGuzCra0YzmoBZhE= =LtFa -----END PGP SIGNATURE-----