This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-otrs-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 23:07:50 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 257a6d932c3bbd6328f13e67ae78447a490c0150 * md5sum 4bb3c990d55b6b13809ddfbead35b7f1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrnM8AAoJEIXCXpWhbrlNJ/cH/2fWEIBh75VgLYr1fvWBNKWK w0xMg7ILa/m/9UB0TubE1nCxFqQHTtmqhpPyzao02Sd+LqBJi2bYl4a2skjk4iD8 uwBdj0DyX+MiFZ5cTXLc+a05kRHG9Wn9Y87RlkS8pKGGu0djTX7LYxcDrEqM+rAV JgzsPYZMadQjcFdMkIjqmARoassiYagUPI8d9A9ev+VA78mTKVd0gp0AQZfQaa0w Yri3pEZgS8lqHEFfvTyar/xGhXTY23Bts8rXY9oP7jTefymRzcl6437ICg5cG2e7 v31CfwPZHD4y3CO1vDUENQLZnFIjMCcDzCO0TvLe/W/0cQ+NCP1A5HWBGfc23PM= =kp+0 -----END PGP SIGNATURE-----