This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-wordpress-12.1-squeeze-amd64-ovf.zip.sig gpg: Signature made Tue Jun 4 17:05:44 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5a4e0ac4135b70fb3a0360a3bc2db7061d070116 * md5sum e0b84c87e0648fddc18e3742d8c936af You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrh5dAAoJEIXCXpWhbrlN+0MIAMyoKjjbUfjVshWYOGbCXMhD 75CRudbquFx8uYI8R2AyFWQgIP9po8aR5dVprBzQ5yEv5O/ApmCp8EEefNyyDoBN vxPP+eXHptbff4Uzu2FAUPmvishs5IC+YcYDHpw7Ml3MrsZDgINasepqg7xs4yJf gNe3kPy514w/qLkH6pRjIxktkmgONRoAxzdvv8ZLtrhg8fvKlwCaLd4u6J+3VGeI n75T1utO5Qq4RvTkLDgTM5K7lHPzqXCYOu1Ea2KcF3Plk0/ixcAYOYecDtXC9VB1 AILq57HkLEGQmkELgnPEdI8ZlhD6ru+d2+HQu7OcvK+kzLKPC1iGl3uDzbsfMGs= =gKZP -----END PGP SIGNATURE-----