This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-silverstripe-13.0-wheezy-amd64-ovf.zip.sig gpg: Signature made Wed Oct 16 10:04:20 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 57ec55a8e8b1264d710847851ffe90b114bf20b7 * md5sum 7012b2949da7d8de549c8ff1435645af You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmSYAAoJEIXCXpWhbrlN2ZEIANzkSlcDdcd9dZoQUyw+yTjN NbjJnQZ9SnRuqpfnGrq1oAtN9HvaCvimvYOsJ2Zh/kMcchRYgdKWMRe5bUCu+x0F 8k8q49UECCg31xxx7UjB4G8c17ubU31j8wTVt/KiyXy3kLXOSJThHWaiIEIs4+cr awiw5zzM4RwxuZp9UGo6XlQN79CdXir++1HvN2/jju/szo3/zC35QUT2jGclN7XF 5H3qkr/iFELEtWillI8SkK24InCdq6olDpbqglgLVeUzTsCZvbuUdrx2yohpa6Lu tS6/mxZ28zpywOFgKs9tqbVIqh3EyHraMjUOLLmXR6r1w1x5DyidiqyWG7Y4xpQ= =I8/R -----END PGP SIGNATURE-----