This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-codeigniter-12.1-squeeze-i386-vmdk.zip.sig gpg: Signature made Tue Jun 4 20:15:45 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 1b629baac613accdf8986c86becc587e841428ad * md5sum 4533fe017d27b0e644efcc26968c06a6 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkrkAAoJEIXCXpWhbrlNisUH/RjhuO53KbsCOBvStzXEPWny kenhOqjDdgn40Zi/QoTfyydSKr9hcmmfRSfAzGBz3LESVl97ksmwCOhPSEm0mOHl R97UhiN5KKWY5pmwhKrKuz1N7wVFhv6nBdONFZyyRlZpaWW/iCAobZA5ex5lNGGg fM2bMNNTCp7Qe021J0/qTQlcr81/S2OhagH6cejDbEt6impjTuU8Iss5MJgkNyGQ Gg8JGwQT+/N+Od6Qm9UyrLlJ3GA50DKyGYsAcgrMgSYyj7Idf7kXJOv8XbrYzPSu L54+rzwyCWNn8zX9IID+KnVtsfINm16QPu6WY+vHSpfhlvmapDWUec5QkbhwfFc= =Pxwx -----END PGP SIGNATURE-----