This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mahara-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 21:53:14 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 12ab34703ab5347e4114028b764b7faf1fc1cfc3 * md5sum 6c241b3ee531da72b1a87319b3c56329 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmG+AAoJEIXCXpWhbrlNb3MH/RSPLaIEtrps0MwoXvX4b3uD rzFxdZrNHib1ZS8FYKwDMC5LymS5vziS+UX6P6T6OZd49YbtIa/48G4d787apumz cQClX8PeKEY5wkY7vU7VDSNmvlwZBuhen9RHibTcqIpNHj2qGs+Xo6lM8lMhZ4jd tc7PY8+1eW8it/G3jGgeKVJq1CQYJ38XU03yUgu71harO9tGWG37zoreWJg6Px6O mOf+mN5Y5ciUC2at71G6ODzmnDrQU1T7G8xLrYH6zHXDKP3QQVjQFhfaZfu6xtIt iPkj/evp+Xj7cbj9ntaabcZeGOHK6kbRqJjVAoeBMSIFlpuu+k+Nm+mhtkw9Hq4= =wgPR -----END PGP SIGNATURE-----