This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-cakephp_12.0-1_i386.tar.gz.sig gpg: Signature made Tue Aug 21 13:29:44 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 9ebbdb1a17197b6aeb97f5060c237303ae1225cd * md5sum 82c6f92a2f0bf110cfc6391f1df2c415 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM41AAAoJEIXCXpWhbrlNfKUH+gPHEn/JF2khbwQTiLx5xnmT aXnj1z7XeqJvPUMDKcgAQgR491pobC5T7O86Afk/C0e6WH7ndIqFbsDcD9IrUL6z p1WF74QrrqMCiIFaf/IB05hK5e55jhDKMTiQ05F432AHmrNmRDWfjc+1PtoPBLZL 3Bufi5e3JMQZDJPgukO3waUfRzHZ19rmVRrUN2sENLyspU8OPH/B+4MpjuJUSIFo +iKr5BidZ4yE24ii2yfcJS79dwDpZ+sAzwSTsc840DOSiXxZp90JxWKWG2SFjHOZ FDT+7IYjkxg36Wg5c11/KQzImGChxsoc4i3xMQHUiMgjyY+w3rHFGLM7zhXh0r4= =vfCg -----END PGP SIGNATURE-----