In PublicKeyEncryption, a Signature is a CryptographicHash of the signed message, encrypted with the signing party's PrivateKey and appended to the message. Holders of the PublicKey can verify that the message was created by a holder of the PrivateKey by decrypting the hash and comparing it with their own hash of the received message.
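
The sign-and-verify round trip described above, as an added example that is not part of the original page: textbook RSA over a SHA-256 hash, using only the Python standard library. The key built from two known Mersenne primes, the function names and the sample message are constructed for illustration; deployed formats such as OpenPGP and X509 wrap this core in padding and encoding.

```python
import hashlib

# Constructed demo key: two known Mersenne primes (not a real-world key).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                # public modulus
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent
SIG_LEN = (N.bit_length() + 7) // 8      # fixed signature size in bytes


def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> bytes:
    """Return the message with its signature appended."""
    signature = pow(digest_int(message), d, n)   # "encrypt" the hash with the private key
    return message + signature.to_bytes(SIG_LEN, "big")


def verify(signed: bytes, e: int = E, n: int = N) -> bool:
    """Split off the signature, recover the signed hash, compare with our own hash."""
    if len(signed) < SIG_LEN:
        return False                             # too short to carry a signature
    message, sig_bytes = signed[:-SIG_LEN], signed[-SIG_LEN:]
    signature = int.from_bytes(sig_bytes, "big")
    if signature >= n:
        return False                             # not a valid value modulo n
    recovered = pow(signature, e, n)             # "decrypt" with the public key
    return recovered == digest_int(message)


if __name__ == "__main__":
    signed = sign(b"release-1.0.tar.gz contents (constructed sample)")
    print("untouched:", verify(signed))
    tampered = b"R" + signed[1:]                 # one byte changed in transit
    print("tampered: ", verify(tampered))
```

Changing any byte of either the message or the appended signature makes `verify` return `False`, because the recovered hash no longer matches the receiver's own hash.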

Things such as Email or Software are generally signed to prevent tampering with them in transit, but the concept can also be used for other purposes. SigningAKey, for example at a KeySigningParty, conveys trust from the signing party to the signed key.

Software packages sometimes come with a Signature to allow independent verification that the software has not been tampered with during transit, such as when a download mirror is corrupted. Several LinuxDistributions have Signature support integrated into their PackageManagement. Signed OpenSource software generally comes with an OpenPGP-based Signature; ClosedSource software is generally signed with an X509 certificate.

More developers should sign their releases (much like more people should sign their Email). See also The Software Signature Page.