This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ushahidi-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 10:35:06 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 64d3baf41470feb9b3fcf68babb5c52bd9852be7 * md5sum d0007bf886038b94994d77e9c1222c9c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmvQAAoJEIXCXpWhbrlN7uAH/33hICs5OsV44qRKqC94QHKW C7PYsyj7UdRLbqNFtswu/1P6a1z3dJXv5YQkAGZHGZKLV1tWkuToJpjpMQlvAKsW Xmrq7rh+1sGDLtf1asz+dzreEsiFVVCoIj9X6U852RnnNTO+ccWTKksjfNhwaSM3 jpUNxtL1fCloPZ58/Zu7jqCVDKA9SsQHOYAv+9mjJ0ieC7MPC80nnEKRmV2mWC2B IHsFf4lfD7xWOew1gK9bBFJpw00k/icY+DSZSnIb2wV4utJ1NhfYVGsThSf4wn4y +SfRSkX3VClX+VaLBASIWlIB3QP+EqJR7VPstivfnhWybuQz+Mlq58PYp2VQ/YE= =adPZ -----END PGP SIGNATURE-----