This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ushahidi-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 20:34:56 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 6ed0e37509fd93ccddd08d6fad236bd78a3e09c4 * md5sum 95209de816dc2e93acdefde969782e4c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXablAAoJEIXCXpWhbrlNJisH/j8wKiV9e7PROqk/wUoYJclv I1+bJCp04rEnaH0NV4EgKDS4r2LIJuKwT8SmVZF6VMy1VDSHO5O8RXMxsTVPWn5H cBNfQfxREqgERjf/u/4lmJwATtkJUMIhLopJo1dJA3Cnno7wMhWREgu6Lt+7FRAh +i7O+isADlqZS43Fo+Uz4ZPJ5oCoyOOX5hfiCxgcMmHIrVK51t1cbNHUsYtR15Zz hZVQg60VPjF3iGo4YENlVUQg9En8qJJQuY7NUmbWA04/84GCzq3kxcFD3Y9fSBRe nwSkEEVjtFtlXKOEMXyDlVhTDXcml6ymRynqwbNVQ7HZXcy1gF8B4Z8qzLj688I= =9k8X -----END PGP SIGNATURE-----