This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-phpnuke-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 17:44:02 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 1077151e47c22b8e02e8ec258de3d6d43d7b887e * md5sum 1600da0cb5b879b256f7e87ce20c6272 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXX7XAAoJEIXCXpWhbrlNgZkIAKG22PZmS6k9461Vh9xjAa4i JEPUj1u2sXTiP/F8bjxwUZBJHnPGIcdj8tiOTTP4gNRw/IicFnOsHnrvOOU1U6v7 raMo9LVW8bASPDR9/mBrzgeQ5CHbEXHQBfl8D1r+ovNUJFnxm8Mevar2OaRzF/5k sVGZLXS2BGelHga2IPs3Jlu8bE6D267ZoYh4rvzXXOEcwwepGF+A1lEJQ8lxC2Nt RYrXSISUOtElC7bAk89DCgNug4R9WY9C6ohTirHT5zGPxNr/gTp3wiZUirAbA10w zM0WOORmdvCqpCxyaZ/c0a0A6AMaf75i7vy/HQiqzTFA0iCkf1njoeK0g6skVcg= =EbDF -----END PGP SIGNATURE-----