This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ushahidi-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 17:31:50 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 9fe15ede7968c00e058f546b8541ab08897cba62 * md5sum f36e47e387f7d8742aafea3a85814eb5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM8X9AAoJEIXCXpWhbrlNdn8H/3adqdZdKfKlQGyFtf8RHjcc 4dCDqksGkYGR7xTnH0cjO84ozyC1duOZvvQtvo7S9ifn850DRJwd3ntwj7heaMer iZsgEFcnfwjf6cRwSyJgNR7lnkbyBbALav9rIVbqUOX9CnebfONyM9RDiHBhadRU mlxJa0f+9/+5eSeV4AMlBzdhzc4oUwaEjR6/8g5coPnqdqDFx9GDYRVxwbq2bb8C re0PWS9iqacrp5i++HCHNTf+dPb/CCkNRKNhOcBYBhqD6C/+eCjHdPaSK7OYrvsG NULZPp22m1aDNrnnHz29MK6/yJL2oGiFpWgob5xKjNr/s6rmTwJnlxkfv+hSe0I= =WLJk -----END PGP SIGNATURE-----