This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla25-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 08:48:35 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 03cd90f3eff55c2740deef6f1ec84f6bb2d71795 * md5sum 8d40d8e4eeba7703922e60a4b8fa051b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlLYAAoJEIXCXpWhbrlNHvYIAMfEtf/O78OQyLn4UYb2wlqz 9kdVZ+NQwkpv8ywrEH3hH6IwHjY+y1QnezfQvMKXGj8R9lvBBoSPXrnosHrsPC1g DktqWbb7pDqfN9JSxS7ihOgnj6KacQDt8/OEXy6n65liZH2Q3h6PBU3h2jTsWzDa XZY7J4d1PCF4ldjfdIIjXnpaQicZRT4tVbtzmhPe+6t1vznc/sM7Ky4+JucHQ6H2 +GT+Nn71HYlV3I1woUoRSWTwn9i3PX2dB2N/nZissDS4L4E48fN2ZpQh0WgmLQFc gwSU5nmwzhLF1kR3aY6+6Zo8I5KvVNyVGUgZnoY8B0RODRT2U8KkxK38SOpfykA= =C0ZF -----END PGP SIGNATURE-----