This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-orangehrm-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 22:38:46 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9faa3e3a1640686e6dbeae40b3f90933e20ebb4c * md5sum 6f67a0241af89145bca599f04754c4d7 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmxnAAoJEIXCXpWhbrlNKlEIALBgEJg/nicHFn/BIm76/tlj YlL9DHjymRAKcFdFFlHRtVDL/aIzOsaGhshznZgv+QWha018jK6NdA2BfsIonDik i7O5RVywCZVtGRACFBBdum8I6bD3x5orhR+9otxK19TX7WgovPYXYwEHLlvAd3ly 2s9xlwC1bcm7DD4jz7K8TRKrMMylSmcCSqpTlIwhFBVuOGETbmylKXB04UX4YcJO b2SpYR+yBH53Z0C68oYUKbqDZIZt/n6XGp5kCLQM2yQDRmBj0wiFTJbOrRSvRRyG EYzLZq47F1RqsRKH58BSy4/O3dR1NUdTR+i6NUUn4ASx5AP1j9AcWLKtWa8lVIU= =OIvA -----END PGP SIGNATURE-----