This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-couchdb-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 15:22:52 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum dc2257a892a213f7dfc5b2cb5a2f95466fb21e38 * md5sum 8d5ce0ec3f13ebb5dd2ecc038e9e2d64 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6fCAAoJEIXCXpWhbrlNSRQIANt8PsQLroG8T9GMJ7taEnhP DLiz4V6uDi2g1C6ZgI6REUzfH60Ph7/A6sym6kkDDL3cFnIvJ+4fHpmgjuxbWmVu piR3erHck7m2iXb0sWyeGDTzUDHJkbV780UND1tN786322Qm9g0CVKxCKdDZSG7h 20l91KYR4NlYtrMQEOPJe1FyBG7LbJbC/aPwq5EEaNIIZzoe7adNEVQBxY8tzpJn aND2qJsmpcp0kPw4r90oGF4Sd2NqpaUPt4TsWuFbZGOiYaZBsyiEruRGq2zao5Mh BRbtEpkSfNzuUFx7F6DRB048C95H6DlAN5VkGHK6NSbcKw2isy5ur9RalDAr4eM= =0Y9P -----END PGP SIGNATURE-----