This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify bootstrap-jessie-i386.tar.gz.sig gpg: Signature made Thu Apr 7 11:54:24 IDT 2016 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: $ md5sum bootstrap-jessie-i386.tar.gz 28c82e5f0d40fc530e15e918fb32cdfb $ sha1sum bootstrap-jessie-i386.tar.gz b5b9524d1da67233b7bf198cffa023da4c79db38 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJXBiA/AAoJEIXCXpWhbrlNMdkIAKRdZDNEdjeXpW+KhIPotjae EKiA/VyR4NEwQXxTlB5CszpNLqwYCTNBx7MOim+1lkPbR0/OE2LXxqzdw1/BECS4 6DTqDh+kMGMjDaudDSKCPov/PgwgY1xDgoSKwwAFTEUU3U+8+phlMqt6mUreLlMF VAXo/IyMECURPORkaswHSqZHfQqqgUG8NdMhtCqzq325IDAHvbNP7xWWLEENCxOK H/zhoJvQLPsyoTz7yUurzpMljEuJ2yQbB3RuxRUanHFx7P3ZyhatoUFJGgChLhfW Zkbkp4QK2Ut8ZNCJceqIqVmZcD8RiM0JIholuyLuVV+Y8VGC6v+9HweKE4WKijA= =JGPN -----END PGP SIGNATURE-----