This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mambo-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:10:11 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 71ede984f48efb8eaf727c4308c6155720b2d82d * md5sum 993aff9ea08f84c8dfedaade35b937e7 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc2/sAAoJEIXCXpWhbrlNoMUIAJ5pgANApVpb2Kvgwhqhk5tK s/IG5ptO76s2F7JusEfssHNm+2w18ronWnVpG5ONT/6aGj8gdn9byVjzZwZ51DVW UEob5fjd3Go1ip1oAG3qd6dHSyoXt3eemvjioE6d+s6AvcEAK3MqoNAbv0HVeEjA 2S/61n3wTvM756t6RWnIdzTsEycyTEchsoOe7V152M33mTw2sk9b/3fppsAAGqa2 kBkdHuOCgjJIq0OhVoe3C0YLpMzhaRNErcke/R9P1Ok8BLleccBCq1y39+BzYHw2 cGBx54JkD11lvbfNloOrjaCs5028eU1iBXQQJP9r4J78sdsGgRndUO6xkGIjxrE= =0tLJ -----END PGP SIGNATURE-----