This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-magento_12.0-1_i386.tar.gz.sig gpg: Signature made Tue Aug 21 14:00:27 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 88222499f4b6d1f4467f6c5ca177a8ae34269148 * md5sum 538ab058851f7f18d5e652acc5af14b6 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM5RxAAoJEIXCXpWhbrlNbhYIAKTHtWRAaVoGFKyrmRNnTioG UqJb5T1lkNbq0IyhIGwi2hLHklH0MxSx2XLfplckJq0muCLKeWMDsSqggxrt+Ffs DLGAkl22yakenPLbVwtHg5omKG51cin2DmyTGuezMbpG76dq1naP8HHcJyr4Fwrn jg/xy/h++mNMLqVF0i/BOhjO/Cl0BCueZPJQvvZyo9htHo5rB+0xNTpP7h+YVbiv JZRn30nW4RAvdFOsQRiEVtym++yzqgAekVbuuwDfPPVDWeU8G+z/q/SMnTD9h6J4 6OZgWSHCKO1kVe2yD0dJM2sTkOqnl1naLPHdL1QtKgWCu3GSs+MVx4GFmihQWi4= =DHbL -----END PGP SIGNATURE-----