This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-roundup-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:30:55 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ddc5990d711727e67e0dd03eb9ffbc9ffbca0e15 * md5sum 46ea798b9206d018244d8130e543be09 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3TKAAoJEIXCXpWhbrlN0xIH/Rj1rHmlqgFPsC679MNhXJtW Hy3S4jh8TxffJCllFkHKIbPeqyBp06+AdecfBD+uocoNurCbxpokQcKIAYEPfQHD /3VLYU4cVGKQdCsn2seUe/Lu2Mxq3YRBlUjym6P4rlTjiffFJgiZj1A4H8lIcbSM SE7A6aKmGMGUHgVTa0+iL86KaAxjzaIkHe1bKRqO03elCpjD/TLOlMth88ZU1CD6 zZOOkXcxku1ZANS2uZLfljJWmZ+T44jjg0rGeNp4IomO7cxOb+tOW1vs1WwRycpi VzQURQw5FkYJ3RPFu2pQCZs71k42UMF0E4r0Xy/L7+5jhQndCuqyYrARwCCF5pk= =/LLR -----END PGP SIGNATURE-----