This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lighttpd-php-fastcgi-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 16:28:43 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3a88b3de57c03e72ac62cb5560f1f6f46460f2d9 * md5sum c2c611daa1ccd86bebb8c9d1f849b69b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXW0wAAoJEIXCXpWhbrlN5MkH/0qLTusNf+raNlHQ5uiHbbWe kxlkOhazNkuBMR4Ua2bqRTzYNj5Iw7G9FSTIIPRPoNKQqi1R3cmuFRkqqrp3Qzpa JdEhaxDDCH+Y9zwDIMH3tSEaZCa+3/LVCeydawIkhFh4UD3wknEHh5u4grvZ+m0o CmCmSP8/AJmHDUcKW63PpBCoIN6ZcT8kAQJDBKOv6RTUutpWh2RBJFdEyQdlbqnD M5zne0C7XmDBii6in+Rjn1fz6djRsusp1Qk2iRK96QJTLWXWRietlyyycgzkQRBX Y5D4ayyuFEbDcuFlgZLJnwn9ro826j/UlCiCLx1U+gFS5708wNtsAuE+CFHXMCE= =7O/Y -----END PGP SIGNATURE-----