This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-wordpress-13.0-wheezy-i386-ovf.zip.sig gpg: Signature made Tue Oct 15 20:32:53 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7cfe09a577eff5ce7ae656bbb5c49eefe1a6e96b * md5sum 34bd8ddbb25a510be1d788f8aab8de3e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXaZpAAoJEIXCXpWhbrlNA/0IAJqCDo/O/bIim0oAQHGydcg8 X2NfN//b429Vjj1pWJq5lzEIh34gUdL+0656JN6CWLToMFlWa64ioPxGSQaPbShf +v7cIGFO78CIsPpDP7sUJ/nYrHkLhWpVRvvAOms93RGIFFgkFEuZrdOeJg/YqOZO VXG/qU47jfP6MDu5Fm3Ek+jyM59Jw5441VDj96HeN8g6ri4yNkiKObrbaMZTIvUU 02p/hFbCMSIidRgr1xgVDEvp9+k0reDBcADFubSXVbmt8nKAv6AzWjV2vrRth+Gd 4Unuctdl6kveoy83L/aYeYuzT3Qx9eg0xrO5qJ40Qk4YgsIvymkJCaVkuEymd9U= =le+Y -----END PGP SIGNATURE-----