This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-piwik-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 23:16:26 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum dd596db4c26017e7574141b40961b45af2b87253 * md5sum 1bea9dbb79e9c26a05587764164c09fc You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrnU7AAoJEIXCXpWhbrlNTP8IAJI3EQwoGB4JarRbZ5LmG9Df kxO52RmNH+y6TX/qz+uLuckxQBVsSsBRqlumrKiyFJGLNV/Ovtp1jrnaYcYNHz4f aCKlqrvT/wXWEPKmoehUujBQ9zVA3BTBf+RBR6rE5t8fuH1ArLt/mWMXGVv0MKUP nSLlcMpdu99ukB+O+yZYf6lErMCoRPqBva6JPBsvEqIqsaaIN6sSCsKL1xA5f99N wbD2pQiNKDSASuIVnSga/bbGbDbNTIUj2zL0URQRuPHqKCBhr7mw97rrFzyM0kdq Wbv+XKfvOtC/D7kfYK3Q/aASy4mEsWUPDIVrZth3AJ2lkIvI7XajWGoRhiRdnns= =Zg98 -----END PGP SIGNATURE-----