This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-mahara_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 16:36:06 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2f9b11a41c6c78af2f6f81f08aa61d1139952a84 * md5sum 731c4f358174ff8792414477ca92fddb You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXW7vAAoJEIXCXpWhbrlNDuYIAIlmnLQI8przYj/kc7IcJNMh nAXwJ5iUxOTxrk1K4GlPXrdPs6NOE4QPggvGXQS3vTru+dDY+93yJc1SZmf9dwZz H1osgU7R607M19CShZU76iGCgpA7+OVCakEYjCVKyJsgMBfvEno9cJueNJGRm75H SgWshfErbX2W4sIESS6BnO4SIwZnfi1teUtyXaKBdNM0sp+p3FuJSaQB0UJpcfFn D6Cvqz4wPZsC1xo5SzOehuItjmJtlUuevc0EvlKPTtNhRXdsid4u5+6JArCeX0uI 1ENbp3lKm8WeSX7YV/viW1S2uXx6zSjMLYo5ExdPyumICXpM0OOJ4k/jlct9aq4= =veQU -----END PGP SIGNATURE-----