This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-xoops_12.0-1_i386.tar.gz.sig gpg: Signature made Tue Aug 21 14:55:59 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 31d2819239ec76a47cd4aedb016686835bbc0a04 * md5sum 711f498c63905306ec50ab09e3c4651a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6F3AAoJEIXCXpWhbrlNt+8IAKd/TH80BJ9tLz+bhx9hkiJ8 mq9hKx2nborX6BAMrB57ZQPa5+FN2qU3gHdHQFIRgI14YoaF5TAtFIkJbD7IHYuX eeU9dA7ATU9J5+4+WAn+CY08hJsEWzrCksX9CKkZOLDEIXDUh123QbGfBg3ONg0v N1DtBj4UGDUz1NrNWaKElqpdvEI73VAEJNN2ibst2xs2yJdhGw6bcv7d5eZ26Slx AuLkfzOQ1JHkbBVPjPpCueO8J9h9WTjZx33stb1vvSguLQIU4AnZJlfXyH8rlNfi /8gJRwexRzYNU547Nb5PjmrFZgnRIOf0cEBCUAQ3sbP8VCph4MsW21D2Afw8BcI= =gyGb -----END PGP SIGNATURE-----