This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-xoops_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 20:14:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 22ef300eeeb2b5b533cb6da8927079a0f60ff2b3 * md5sum 8db5e6f4a1077af83452fb6173b726d2 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXaIXAAoJEIXCXpWhbrlNVesIAIVfIzQPvdoaOlZkECprAhtq eiq2KYel8LKO0dT/vEGsRq9ZKH1Ipi9II3m5ozxAPx7keKILDT1wCASEttjX/iV1 S++rJhArU1saYAc9eEdFg46b1rpQpjj144fEO3xCKEHHWkb45XGr4ojQuf1J5Mc1 J4anRtFZTrpndetRCI2/ucQOYhi7LJonaeqkP2cUz++8oVwgsaEKrik5u1oxmRyY l26H7P6qY4wJMLpVCmoadcFGRpu6e9LMcqkYgHmBB8c78dxmVQYN37KyuWf0TGuX q6v9SmtHwZwoQENWru18J1LWPBVK+n4lNafi2dtKMQAGQLezsN6BUXF9OX1q8es= =IcmG -----END PGP SIGNATURE-----