This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lighttpd-php-fastcgi-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 16:03:24 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum b333536a989841e81406cf04db4f8a75fd7e2494 * md5sum 1aa4465f0ebb21e063a7350dd544817f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM7FEAAoJEIXCXpWhbrlNIwIIANnQL/nKAr1QXNL8mksZnFFu p+ufqYD31vhWZWy6PBn8KfshbMdNNoiH/zozhmu/Wni2n0DD7MVdq0hlm3POm7ew /nVD/zdkv2AP0ynlqZF/H3C2wMld86cGdZxJVOqJ3PD8NYNYKwkZsvGBUcqndW0S 9gQ7AncR5qcCU3r+H8j3FU5U2FTB3n7u5MJrD15jhRUkJQljiSwGWLlNS8EkuQSe pMRAJZu27ApFaCZuL0u4pHUHUJPZDS7oeTsuiuPRM+Vw9ki/I7hFpE0DKrMLrnp6 hIPGM6z9OrDjSnOqaxH9vMMUwLE7jT5bXssD3hPYgYcWN9c8y2Zq8sx/BZRi/ig= =ZOLy -----END PGP SIGNATURE-----