This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mahara-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 21:53:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum df6d2de0eaa9d1876e3cb55bed723764f0c460bf * md5sum a61594805bb34f44778259ecc4866ef5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmG0AAoJEIXCXpWhbrlNwlUIANpRp1Wxe6P0MY3xkEoUKCMF S4vd2LxkP6oSYCxeqlWa24hwuwIWk9MCi2reetwNEFsyjut4R9iC0C8wA4nFLevH E2purqJhYAhaqfE79QfYEKO51Tf46ezLe28wZoexN/MDJlSVxZ6zaRxtnCqAS79/ SI1vwgClv2AZgFNHCLHmk3aqwJE0MT/gGpYSLB33F8DkzyHyBZn40nRP1SgIOH9T rGEYm0RHCSiDPZOqoSXhwvq8pFp2rHFBlNN1eK4tRAknFJSfiGiIg1VU4I9/BsNq pqmzExFTRmxvz31iOwGKFYkzlvMUyil01pyocD8VZInsyrmjux9iqYNjth+YA3I= =x1bQ -----END PGP SIGNATURE-----