This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-vtiger-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 17:06:49 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 176a736af7737de606f846e6761b5b1597986e1e * md5sum a1c0b114aaae1f11578510a20804144a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrh6iAAoJEIXCXpWhbrlNWHgH/0TUq8LosoOgtG2Qc+7SkUY8 TiekynW0LqxF1JrJBNgMnzjw+JRQVB0WvE6H0u9l1DllE9Y3Uf4zdnmmmD24xgDL m2Rphjdj0DDNZDyr+K2LwFwRkth78hPxI758aitJYq1zD+rd3ja0vvPZF92QbA8i mnOH+zulsa8dy1KaQE5rWt3y1mu3OAdxOq3vDEoBdX4M+djeQz8Ntr9NgJUs83Wn 9YW9Wj7aX25J8PEKjUCgsBLRCh9xYkVnGnUlB+xcrcdePvejogDQhLlbABvusXfl GNf2ipsDXoabO7drNxYaohe1sEu7e35Cbkz4X1zT4e03GF2Ov046BFRqwzG07Ag= =fCyj -----END PGP SIGNATURE-----