This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-phreedom-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 16:25:42 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum f2324eaf4176b4b2ca84de1fcbf1a5be4839cf55 * md5sum 0329473ef020401d437b808b12254d50 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM7Z9AAoJEIXCXpWhbrlNX2oIAMEM5aOI2u/Zk/Plau9LJVtH 3LHxLY8Y8/hfirh3ha7dFuL157Y6kkTKbcuV2r90WF3NxlVqoC9ekyky+D7/GGQ3 qvFvBpovP9UWWSCLkHRY1TV/YLN9JOq4KJ/8hI0/XR8LMoM1MyjRmM99FvgEdQkJ IqXJWjnCczf6zEcc2LaHu+jDJQSE71oEqG5oUhgXPjFTQTfuNz771h0ysC6scOoF 3gI+p3n7Zwzmxv7nXPwaH0cYkpw4HhvgeHKG2DNmONTxj+qH0zjtcTT1bCVhCAOy iO03BAPyUp0QMHnrNTlRbH728S+JMNh0bJ2OztRYXPEHrE65lW1klhzhLHlrYLQ= =CIxK -----END PGP SIGNATURE-----