This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-sugarcrm-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 16:28:05 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7179fc5c893cb56649d12e0c732b49ce73602e0a * md5sum f0af3a6c4a26bb0043f1beef6312d850 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrhWNAAoJEIXCXpWhbrlNZY4IAJcu38iLhb7GYh657qBmZ8g4 /MU2o+AZUOkxp4Kxm3GWzPmeW5oTuYGmbQlkuO6HKXvMcEstsiXB1TcNuPfbIKJC IGmewdpEVF0sK/kGey7B10aIrQiZ9sYZm+a3t3xnGY2Yscv/3rdLTBwPaVm+7xun b6eyw9wmU6gbOyZA7iLZiUewRm3pxWlSs0syIUDL8bdgM8Nm3DOBkqRxkUvNochG Rpi9w+hirVa07QWKzRDBCAB0xt+MU0ZzUSc1yhkPVKs8Hya9FhAP8x76IDms6IVE OOnX+XxlvNbli0BjpzAWCw2Tq8RSYBHEI1RRANEhB9OI4vw9Ivpz/xHpJNz4YFc= =u67c -----END PGP SIGNATURE-----