This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mahara-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 16:31:29 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2837d17f00b9a46dbef17390d37f56077b7634d9 * md5sum eda203f5a584fdc1ce4fcf50592790ae You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXW3XAAoJEIXCXpWhbrlN7WcIAOEXU1mg/S8npPtS3FHVxXpb uCn4hKGoBSoVAwf1+wVBIrV+UN64h7eLcYCvt2dF091s1g2wXzkoJWVY6VpsfIuQ DicxYIvUM/5FxQ3qpFnvnQhDFwrsWbKEpryMf1Ix/hJtn8q+m+oz6uhozeHjS+Ae TckJUSzZJ2AHgCN/hCYiMmBqcRTF2EwJFh45UMurQ8jVPzaNuUzQY6CQKok7OGNI tho0tVRqrvmcTZSf6tgVIEJRBn9YogFXVjZo5FOtcMxBkhbrTezWf6IA5j8prq4G 0/8TcINNhgrZCZYx5idkeDikfJHZNATSzFRc4t52Xk90GNYAR2HdhXqFTZkTmZM= =GD2Z -----END PGP SIGNATURE-----