This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-trac_13.0-1_amd64.tar.gz.sig gpg: Signature made Wed Oct 16 10:33:51 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 95e9c405bda9154dce43f190a69a2a0c3f98127f * md5sum 172558d8e5425bffcb3685f64810d717 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmuIAAoJEIXCXpWhbrlN4wEIAIKzIz175iksibg9WQWEa0je BmqFTbcg9vn+Phl6u/yWQmBGlpO4ykOEThZhquh5Q45Vwtcr3fmR/oTpQ7ziZ4Bh Maf6JA/xQFX16ARpw2ovw3C+H3R3kMdp3zRwblmEyVrJsk3jmGrNM6errywx/gbi bhxf5O1dGqw2EYn2Ew141ViXR58L04LGTBQ36O+0YR5F9pWT3oiSmGaGHIjYbat6 c1b5rQ2Mrz9XGyTTf+szRYgLtr87QrO5Iaa/9CguHuw+saPGH/+wwRTCpETV1Ucv vN7vzUHGegkWSAVbM4ZU8MxTVnq8t5i3NlR+tXzm7N4XRf0tGkdSvYZYEFLehDU= =StIk -----END PGP SIGNATURE-----