This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-cakephp-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 19:48:24 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum baa5ea288d66031098f9d6566d2944b1959d7f20 * md5sum b2df0a38b2d3a56e53d0d49e9555a493 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkR7AAoJEIXCXpWhbrlNW0MIAN+tg7zkRNMUghyFOMgKj4sE BGjRpNZv64+dueaHRH2ID39xGGzvay+EQivsItwsiaV11eOfqLAYWV7hSP+Kd5Xs tDBoMamVKeUmaWO65Ez3CET0WDWBks0I4n0CgguAR3dJAnPFuSlpNyEycVlNzToK pAn2PI0+hWPAn+eVjPV7udKPIcwBXT/HAM7oMCrX485J6HUxi3kxCXZaunX9Uz/R jnqKjiboeJ9Vv0R8FHdG9qmkEKHraKidOMftIOepCd/kviCv0+/MGY0IcVihE0qj /f8PsUuCB8OPEjFPR3LF8AIxMOy0sK36TP3tCbmQ4DzGTszH6gQ5OSJHvW3ZrVE= =lvYy -----END PGP SIGNATURE-----