This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ushahidi-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:45:24 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7697c9cdba7dba16aedd76e11fa33a852a1bb26f * md5sum 373e63c3b49909eb3040a19cf4b04027 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3gtAAoJEIXCXpWhbrlNMUkIANDkHr9lJTna82yAvF9zKAtu 0AAdgbjj04cEsqRkpt8Hsr0VxTIdOliCo27FRkXc7jkXKmi87mjQ/ueE/1iT5VQ7 2QOj8YgtfkvnQjsIWHZd6UFnvQxk23JRiFlSehQMBXV5VF/HwnkGdRoH4v7yS5F7 lwUiFjzI8a/Og+lRErEKtEsCv7/RxZk2FUcWd1jx7N4oSHUt+UzxZen2iWaew768 BdZHeI9BtBZQAJSvkJwAPzVlasmA1TM862TknSF4a0rbX75IYKQtBcZbFhiRekpM 8Es1a+nOi0lZiAhtDDJeDNI9vVYyW06HXC6LWrvG6xbA/S4jcd4Kj2E8nZFphAs= =O92a -----END PGP SIGNATURE-----