This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla15-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 21:15:30 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 379fef0dd2941bd774b019a6ef4478a5bcecf1ac * md5sum a8756826d8c73eda75de1c6738a17625 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrljmAAoJEIXCXpWhbrlN9IkH/iUrrwsTVmFRauo4jlpeED+g /pzWJUM/Gkma30/TkUDmrbioDA14V8fcWW0LWWGhqyksyzWwmMiBufARHTcJ8kdR wolCxBtXOJAH3Cxrl+ctS8Da6I8ONmXC7qwr3m82aKToNZj2gI4GBBDMSZOgYNQW jO+/JNbfBT46ZW1vx4035TiHKKj2vm/P+B/FvOZ/yo5eGmRm00+tindTbD0xBpQv O1hTJXR5EaTN9LpxtCd7wVpMfF6zBy1RvI0lnJ3SmmJKBxR7JWrF7Bm0itLRD7SP 7vL9SIyf/FITQtrfwcjQsdLTNq1FVnGiVDkf8RTIabpPLYGNjfry2+/BU4vWD+U= =s2BL -----END PGP SIGNATURE-----