This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sitracker-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 16:24:07 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum dd505c6ae3c8454480f48628b04adea5f1ebf9c1 * md5sum 240587e30c35d9a7bdfbc22a402522b1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrhSgAAoJEIXCXpWhbrlNx74IAIGAzKQn4W7qjixgKvetGBQ9 iJaqqlEEsrXma0YNEUG0WQJlMOipf1RVhOdsKxRCzSAqIJjH9EoBLPTJ/xTyLQS2 z/bVvyIXET9B6mT8wzx1BTnMXpZl2SavQ4M+fqEeh/C3PI3D01NxcAv6UD/MVIO3 mEgKzIoYItAGxuAUS1HtOEBcxa92+MXJ4o632JjQ6nQqVKFlmLcZOS3s1mYtHQOB C5KRL4K88PL+xBRLs6vlaVS3iQXiagJHkmgRTGdpcDvbRPBJOS+z9R0hK0NFNKuh X++9nogdHr20j646UvCu08hgebfPio2zED3W2FbMk0A7pl98qGlnvz5seZEHa28= =QNCB -----END PGP SIGNATURE-----