This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-projectpier-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 23:50:33 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 35abe9dc637874ca0a21f999f1b20a7a907ce329 * md5sum 260578bbe577033101038aacdf3e2c27 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrn0+AAoJEIXCXpWhbrlNoOIH/iei6+CEhKe1wzpnNylTDxVc z/nTBJPXp/ooQ5vb3vUfUOcXBhSWzpK0A1maky+/Ks9lifAz2uL2ZkOky/+jvRUW iHoBPxmd6ht9ukyek8Hf22VpACNwaHmni+16eLZdtnnX9+kA0oz2ZXmAhPzGCwba plSrH1Fhxkw3yLfwITB4bR73/xwdpKFNYhp1sPE4UFvj/u9ab9AW9M066oYMCTF1 gRdta/MDojdTNvRCDJKrMzL9+cyQwrErzduOBNwRU244Y/5hvrMSO/9ta2rQlbyj L0ymZNPF2T0OeYRrSwXC025hnkC9aaXJHx8gwHbKDq5e63z2V4whGEVw6UFtLVQ= =dpzV -----END PGP SIGNATURE-----