This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-ushahidi-13.0-wheezy-i386-vmdk.zip.sig gpg: Signature made Tue Oct 15 20:34:45 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 1156c7ac43eb96f3fd3807ce40161721b9ca6278 * md5sum 99c25c24b891b48217d74f8d80b5aed7 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXabbAAoJEIXCXpWhbrlN/iIIAJvAGN/xHWFQWyEz4f2wXkL+ viW2q6wnbqLJJGvZXfHECCyP8cGbgunRWUcGjdW3W5zB3i628CoStPSLFzE9Zq16 CXi8hdVtL3VOgVUZWaqas/iXBJON4NT7p++OSTxCdyLAuvWUhl3SQYKoRoIjCtH3 W8zf2RxaF6zU2xK6NzKJaH9711EEwFq1uy+zo7k9poGXJM4RR74DFesUDGZWHJhh sDUhkLFFNFaD8PyFBt9GX1ZOC5AKt+O3xKeqWHEm0X4A2zV/d5r1gfA+q5Zykf/H k2a2FSglmk0HM8dwUZ8USXsKKScn5wpRN/JMlhAYz7G4+o/tvTELNpDPpu7nI6M= =oITN -----END PGP SIGNATURE-----