This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-movabletype-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:14:17 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum b13bf8c62ea58daf637e384ead582fdb1acf113e * md5sum dd4050a7810a3d2358565664516fd7d4 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3DiAAoJEIXCXpWhbrlNBC0IANSNn5LOIhUcqkfhOpA6ORGf P+7q+spEad8UhKQYHFGszXea98wDQzdkmhGLmvslDauI4ZBhL2X+ATRn9QB5QAhl r2vhoWVvSVO4BV+8L+v1R75ep0qPWybiY3SqM/jRawF8ZAlf/jBWj8H6BcB490wb bDTdd1XJ868HCItvupagVk8G+9Cqa+xuZc1DOnRFyti6hZGjXGfMnYbXscKbYGmE YMwsPTxY1xHPqUnxPSrccuYHIkxWWdeGYTURQoz+umcumRALZJhfXxwHwI+f52yB /tCjHRN4p51wLcnVLqv8HkaoSWTqW1+3V4xdQVlSjc9QxHA+vDaomfb4CwXz2Hc= =T9Vd -----END PGP SIGNATURE-----