This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-yiiframework-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Wed Jun 5 01:23:07 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 39f716a01c65c0e10dc73455563a203f4ec7cd64 * md5sum 8c3f95e22beb3354bcef712af8fe85b3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrpLsAAoJEIXCXpWhbrlNf1QH/1NNY2OYfDuXwGUokRhN9t4C RVAE7z89eDxUZfsLjBFI8TtWVwztRIKAurZjhj+i4g+nGhmebWktqnMaVF9p5TC7 tVEaoVL8lYuA1VXuV8+pdCt0Z6TAbuDRJLRJSOQXzSimyU5YNsoiXy9U4AA2131M 1lhe/ZPYc6c39UwBFwzKTn/O1w7Ik3ECPTA5OLz802pYcU2pgP3YByyshg5Ulmmb S4dZRE4HzqKVfL1UY6bFBsAxu1AHiR9Yd4xjGYbsbxOYX0pHOO/ghTsADl0cF5cJ igECU60X0z+UkdEiiiC23r7B4CgspT3+Jt7j+U+E8O7qtgIj6XhvWuCUalcBrgI= =X90s -----END PGP SIGNATURE-----