This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-piwik-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 09:44:31 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 43a5ee2159cf9ced81dfe7613e807defdc964ef8 * md5sum bfd62b917420a2bc5ceb7e23146fdde8 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXl/1AAoJEIXCXpWhbrlNcKYH/jYbJQDYreWLIG00fZwIyjoR 45ev3rtD3qoNQxdQKRc6y/cgnYAQ8PXKcrmE01l4O1VI8eWpDFfy7HAV+UQwy5Uh ZT73V2VEQfqodOypF8nWvyyDGMpsnkX/7owJkMCl6rdVFMOXCJTBXTevFRjjW8/v j3DoM1BpVB13lLGlDlHGnHzKkJNhZPDCZk28F2Hxdc46MzhXhScJYaz6b2lgeLp7 QxlN7M2VQKQLxQ/wlk3yoDvMsAKi+lQ/4Oq2XcL3718kPoaDHTpHRLWx8cRJJ1zu p/R8tc6P8rhjjNBEnRG8D3WUj6oyDjjGmNS2cRapxCb5YA/GwVeRleu3lDkOD1o= =L8uV -----END PGP SIGNATURE-----