This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-codeigniter-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 11:28:59 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum ce96a3b8792ba130c082ea0193d8b8a07f66b7f5 * md5sum 06f0b6f5c1378d54cd7010db23b90b6d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM3DwAAoJEIXCXpWhbrlN43sIAKPZ2yW6IN8+8weT8rmOlo5I wYH3H/rGkMNPDxRu3T6broevStTP4MLaj1Qzz4c7HB1Hs388/srKO+3z8N0+AcmD C5NtV4ZHcTkUTGbGLuDEANJd7C1HEco4r3OorTecgG0ROyhaXH9feHLDvx/xR1By izGrR9oU1uN33f3UpyL5octilRHWY6cjkAk3VOvFD0H1rueSR9DqONxs+8j2TcnL xtYeKfKxRbEFztuHXy6RfjO2GaHdKOWlVuoEZnDemWpo6ftQ/CJ71xAKyI32chLk iPU1Lly0B0n+QEYeNHp1qSeI7/T0vQoST6nFQUnmpeYA/MGnL0KtCnRNk14zuWk= =lNXI -----END PGP SIGNATURE-----