This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mantis-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 22:22:38 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7f5c6390bc98b0917122c7e2826602d089041024 * md5sum bc9efc425e3d41d805db76faca873768 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmiiAAoJEIXCXpWhbrlNfR4H/3+leC4y2V7hIacdF7Wl6tIu Hrj0vibOMfMvPgydV+3g8lCM1AWyJkLZTnDXHzgMwDEapS4Ho+mVWRJr1NyWy4/v xxx6HqYFOqRWzQ6M7fFzXwNqdvl0WS6PJDaO+dAoV5FRpM3YyAc/Dz/tqIT86DuO XcmWLFTyos0IV7k4lYrDKilKu8m6cEaUGatU9V8+WuSwhzXs3IoLo+mtpwGsoWu2 M4Hxmc9Ct9+Jzq/KxdBhh0MbF3S+Oz8N92ePUlpKOY3rkSMkm4UKUCwcNLouWuyy vsKq0MpFXMC7oVMOaUJQX2p/T6ReriTvywRk8UgLST6H0BvnpIfAGmb/PDEf+xg= =okux -----END PGP SIGNATURE-----