This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mahara-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 08:50:52 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum e01b2de95f9562d1dfcf2c588086c5a44f09cefa * md5sum 8b0476281ec6caa23b99b4a50552e46d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXlNjAAoJEIXCXpWhbrlNHQIIAIlBN8TTSw9x/GotJ4P/VDe7 No/3Hoqq7P7PiqyCyMgimiQU0fU2dMzOqN4QIimE3f8MIbqPkjT4whnwDJIJPJ7U jP8izCYcQBJKo8HN3vdWO3KKcOZpaP/R6+YmHQVZXloX1Yskhgs1iBFzRK5G7bhY EoDholEdtf+PmDr7E01nbGxMF3jTu23wr2zNz/IMJqsZk6bIWUmrABOfdbzIbZSo sDhxns+guU/Y/cCIx6JkivsgAh0dDuqwgEKiu/JpDGTEFxVC3gXiQXKIof7QCf51 wqKnwER5OSrGOXEPzmurKFZe7m2ozjOzpV1JlC0hqYW39Wzon0tMmgnp0TL5TF8= =SHn4 -----END PGP SIGNATURE-----