This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-pligg-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 16:29:25 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 02bfa6faf5290725657ab761c6a24e7dff912e4f * md5sum f162eda267bd6b51802c291d942a00ae You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM7ddAAoJEIXCXpWhbrlNWqoIAI9fpDWrudd4AEhJlKGqs5s+ TQMss/6EeJDKhLZD3SMb7oPjzEmGBhO8g41sYwdDJ7+2zYBjloUExYfq6Th3uz3p Z5S96k1Qq8q3jy5gQ1rWtxeV8Y7IaYIr0lb671VoZvUH+lfI+LOjJCeyrZjxAHP/ sEJYu2FvjKaIz6qJ9IqeBXI4zt9aD+hqEt5qYHrOK+ZyA13kv0obDf7vl7FHIbal 2JiQqdU26X7SHtHJB/vnAtE5+bsyD/7CnC5ZcAeE/pSWHz4bF28xtZiBQNFRN1/P HlMCiD7UNiox/p/ugZtehGI5+RKVe0+TaM3sx47P+jAbPFHfEtZNviX1cFxdZgI= =BQSm -----END PGP SIGNATURE-----