This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-phplist-12.0-squeeze-x86-ovf.zip.sig gpg: Signature made Tue Aug 21 12:11:14 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 9790bffe0e066e713cb4358f8051de8b114a1104 * md5sum 825e047c1c3af55b8a0029dc4c69734a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3rWAAoJEIXCXpWhbrlNY3sIAMWF/eExKiYNVTzDPBaa2Dre cufPVt8mUHLV7orX+GA7Yo7j/W5alVtLPBRnWtG5uBWIjH1Vr9/AIaNVKSaina7K ypxpfuLEe5peFgnGNt6zC5gk1N94WGKGcMDDMnil781SyryQOaeT7Hevwl+2qgQh K7uQTlBHwEg5/RarigK4i2Wcp1KwbHErhIFknyPUg5E5vAKqp2ihXPqfV6c/NDpr kRMt7qH+/dRqcz3F1lPIZrN7kKgNgJh90BjH8kq9nki+WTbnt5rOlTzKKFfgkP2C sZiwopj0kCmNVkF9WefU5On6A6EvxxE2LRrNjd+SVZRq8yftSynJmrN4AQyaPJI= =dfWj -----END PGP SIGNATURE-----