This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-codeigniter-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 08:12:10 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum b5a38832e6c2ef3fd91510563556b0f4a168a49c * md5sum 2dba412e5060793c758e851b379c5b54 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXkpQAAoJEIXCXpWhbrlNbfkIANBLbeyGaLqiItucI3VTtXSF l1NEhLGtGVFBBDlSzBbd08C/qZdfCwQFWKVJAwTlfqRWFe83+ZKPE1NQzCtCbp84 EMiVGV6Gfo2XHgPKi/08nc2a41S3hzEtCGqRxuxxxlvA/bXyLc9NdzU3MZ0VAxZf 7Sr6kNZJvzoLA7B4YmzPETCPIIlG+I9A7eu6VHcKz3NKhtPDkM2oKeUfS+ZPAuLd M7aJhPK9DobRfbEt1MJdi098kL5YNiPo+gEaORch/OTJ1IzJsbcZRCJDnbwbb7u3 V2Te3Yr9X1mQmERgp+UG/8gS1tdEgJoR3LXtpk1S/axg1zLZ6Y0ymxQBckpfXrQ= =4U7Q -----END PGP SIGNATURE-----