This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-cakephp_12.1-1_amd64.tar.gz.sig gpg: Signature made Tue Jun 4 12:31:30 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 183eb0a22bb75255aa82b16623bbaae6f86377d8 * md5sum 578024761afbb100e26286ec9afc7f41 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrd4cAAoJEIXCXpWhbrlNcNYIAKwAMpiM/Jl4IEfwwA2iBzMO 21JlmR9YuhaUwleAO2dzfJbJ7SAqtXYHnkNJMm7NNJF2O1iiRz3ZSLb9GfTVayum 9BJ+8sKwQYLcOxwzLpyqm8qBM4kESdoFdq2seV7lo/+y54mnBW9Rv/4OuGs9m/PL KletY2HgA9u6zz1LSw+4ZyATywrPeT8HXeLemdxLsgkIBnrnyvPDWHdhKFXPHFHS JzyC5qV/zJumwCIppBGSxJMOFGyCCNjj/1Y+S+dGaTVfy0ACPGBMkixH4rQkcoQH Isk6AxUV1VCK2CbbDv+Mfs0x+2/1+o5AnyKCzmWj+V4mzk1EsW5nVAALFHUl9BU= =/s8Q -----END PGP SIGNATURE-----