This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ushahidi-12.0-squeeze-x86-vmdk.zip.sig gpg: Signature made Tue Aug 21 12:39:10 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 7f2624477cd718546f5c674c10fc14e3fb3f3124 * md5sum af1b47aeebc19fa7285c677757860129 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM4FiAAoJEIXCXpWhbrlNdpoIAMyyQtHopXUZxIpCPtVUVtWL NnGx62WSQ6ZXgtyNFIKZDaYA7PUBFAS+IwvFnl0u285o40CNnEYFPGF4V1yj9Gzr 8gv9ZJDrS7r0Aw5yEOXSAEtaC58HOle6T6jSk9D+RRSjCXh56PRj2GlxodMoVYR+ 4IgRPbXofPjxQosEFrqqk6WXzYYSaBkZUWf9zQQEy3WEoJBbd/dKFyb5e1JPJmzX b6wN3DDc635u7SaWleNjLKl9gpgz/k3JSpyyXN/wzzIr4dc2DnezmWv9KHuXgvjs 7FhcHz8kr3pV70qqo+4g//UAtjSsxzPpyHwk5EgrfEo/l85hbXhvt1Y2/oEx1rA= =PUf5 -----END PGP SIGNATURE-----