This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key <release@turnkeylinux.com> $ gpg --verify turnkey-ushahidi-12.1-squeeze-amd64-vmdk.zip.sig gpg: Signature made Tue Jun 4 16:41:20 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 65d9ab6d0393806295ce2777eea87fe4fd1a2633 * md5sum 7e13023daee59a95d508dd88c7ca296a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrhinAAoJEIXCXpWhbrlNwXAH/RbtxjQo9HkHcD1aB0ThOUOt hJGBlhu43hJdkXNJeHulSZB0Vkc1F7CAy5RHWDkVSMJzJ2tajypNOuzqhmxdzFDk NXOH2spaVrLJ08JKol1//l6B9970uQilkK3SLePTR1LdYDs1hN9+byDgkCpqCUz4 JLAnshG84jaD64F61y+j0zZB1YQ+gtbBdtvnFA9z2bzzo+Z7rnD4hG5n8oa3PweH xL1rN0DyfWn9GHKBpukyyrQwwlZ60Y5x0lNgUkOQdztJ41IYT+LCESRhM3v0vjq6 N6/gouRhDoab4g6gnQg2I0s6OkyD7cGQdrYWOcehNfwFeKRY8kT947aTNjbfZv4= =X/nF -----END PGP SIGNATURE-----