This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-codeigniter-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 08:12:20 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum e1013422dad27e7198841b3a81f7075beb3409f2 * md5sum a4092cb35fff583fd68c4ec53cf75e34 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkpaAAoJEIXCXpWhbrlNIMsH+wR1HECS5/ssCTMLcVFg4A8M ogAJyI9VvYfjy7B841qYBLO5PjMc4uGLO5S12A4dVWivkUQ8VY6NlxRay+CVEAXV H0hL7c3O2EA4/AN6so/MauA7yeCxhMiDgDGiIq1362EKuvAezmNhxa5fWHocBw07 9MA4MsRswjMBIQo1yfB28rI6srH53NBMOVOviqP1ui6KyA3Brv3524wQEOB03jMh 5iO/Pcf7IPMG9SdUbZbFu6SCP13MV4HkMzrra8WsQgnk9pz5/+s7hsoxtl6SRjVZ TNDTchM67MuDGZH7eSJEQN5aLyZhpovHeMM6jw6/7zxyAp8EtwAFOD4/TKv1mTo= =TG50 -----END PGP SIGNATURE-----