This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-wordpress-13.0-wheezy-amd64-vmdk.zip.sig gpg: Signature made Wed Oct 16 10:43:03 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3cb46bec33ea18c9f97845a73f56fa562166b2ff * md5sum 0bc2eb89baab2b2ce6bfdd4a817a5685 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXm2tAAoJEIXCXpWhbrlN06AIAKnBd8I3jISYwLDkvH/J3dN3 u6/zcR8X5uxcNh5aXWnlJhv3EyCknwnoRISJIaNH3/7uR0U14WBuZ1D824kxztnh Sj83Tw+B+N4zJN5qXS6WF2I2O/JT5w4Gr5CGb21mnasYWYNPHbRNxVCm9sLnkq2K VHU8AsNBzgzgCAVrLb7Gk0LCP59ehAIlzJ6cJQ6YomLuCGzVne4xAfsAEI9Pwd67 756OgE4Hvk5Hsu/CPzFEKN1f9jazeRqOzpPT7bNmANQzz0EauJ2Ihgkn1MEaGFDF GlL9vFMRuOsoqoxIhnCES/AW4iUFAeL8EIf8aHutN7KgwIYfoOjdOO5o16R15DM= =2TMn -----END PGP SIGNATURE-----