This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-moinmoin_12.1-1_amd64.tar.gz.sig gpg: Signature made Tue Jun 4 14:17:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d644b2f0729209e7e6778955100d5bf2c946b41d * md5sum 1bff525ff4785df386f04b17db124578 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrfcBAAoJEIXCXpWhbrlNrfsH/3sOSFFfDIbLI/WCA0d1LUbP VmR1kSpe1jrN7hMydYsBUEbfOITCeUqfcChGqKhJKQ6OHzb2Ghjixx7/vpMcEFbN CRrco8gz0v9l5wpd1PCExmkPD4FWWMlQVd++URFXSdb3prq0vKgEGAyLUFBN5KyA Sd+Itpt3Tofgdbc8QxvA2/git7vw7Q3Tnxp+HxMtqLgAw+39d79QUb04VmRpYI0j o3/36mx0pX8QU0gGshfIsuYkhwJ8POZMivS/1+bd8qKqb7+k9xiL3Q6pMFYbq7L6 zHSea3cmrb/Hm71my8MzKak5lOyJo3ydu3Fonx0yzf0RmBnHUZ+zNKKYBFZSY7k= =ie4U -----END PGP SIGNATURE-----