This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-plone_12.0-1_i386.tar.gz.sig gpg: Signature made Tue Aug 21 14:32:23 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 19800440ef974e6868daeb08f350e28dbf503ce6 * md5sum 827f2bf142e911f22af294481b598714 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM5vtAAoJEIXCXpWhbrlNKk4H/A5OKOj8Pu5tm2kFg9UmzVpn pnc4uCKU4P+G4lVzIG8lcF484zD5h4AFPqm0PkFCZ0r0ruRkCO+DeHdBquXvm4O8 +FR+mRKnqx+RNfRKIQqJh1UHIDM0PHttKv9tkfmQIn4nsAOqH+F+LimCMqQOgySW 7ui5JcSNzGKh7hdyHexWJSSBNziAnygIHqzVEq5nNz6TaJCkbrF/w8BtMgRuiJ7p gvLTN8bvmHyJ6cSID04Mxf7ZKI4lVhYAt6B4nRD2jEg+hCIATxCo2N93c+VLs5Gs jYWu4dqFR4OmEEpZ4y6HBTkS6i8xIWj7kmrQZqPTKvfwqh6s+Z//jVjydE8zuME= =UBdp -----END PGP SIGNATURE-----