This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-sugarcrm_13.0-1_amd64.tar.gz.sig gpg: Signature made Wed Oct 16 10:17:53 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 22c9be185c222d4ecb60d74c49320121ad659541 * md5sum 1e35b4e928dfc5aad8beaef311e8a890 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmfJAAoJEIXCXpWhbrlNipAH/2AvKz6NdYwujq5njgQ09LDd qbh+sQXFcqXzxP4wzjlx4pu4L9q0rNHui7OiAyg4ox2+KlJQmXKdnNjDN8rn1WHP e7gVBp6jiUO1GB+0vmjlw4wzMwdKHcA/O0pPa1V/OgQeWvx0VdpOVdsdSvMJ7/Ch 7ebn7PcdQYwt2ROSsMEDzIfuopxwtYBhAJbVHIQZz4Uw8290G10xRgtPCvbBAEwZ 0Yt1XtindoOzdaVh5XNC/8FeI2nPbj+foTF9mIXzoa+Npw9ZL/JMiIGLCY8gF77S yra+5gp1nqtVRTE461+cc9JDXvwJpLH1zQS0dHLztxxRhwfvdTFnle4H9WCXvO0= =RKxI -----END PGP SIGNATURE-----