This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-asp-net-apache-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 12:37:55 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 09110ab590a3face3237eff4bc648969d7e151f5 * md5sum 6e124bf98f32c1f62926ff737851a40f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrd+bAAoJEIXCXpWhbrlNKJEIAOPSVR5vJJRkZ2UGiAjQaFpx WpcfCYwpXL01JihHyPY8Ml3ZbQLVcZIWxAj2spegeZhAv91Lu8Lgh2nDbjnsz/79 arEYPMOGiDsUmAKn8nZQ6fPCv8zELNqa/2yZpEmATTf9qAoUdBDAx/wBLN8Gl4+0 TnJ6E/sK6stRnYx11dGj7laxjojHJF1HWk/lHE1yARyRG7kL+jJ/jix7x7PDB6Cz IDr44Ss/e52AQ2fpwCGtylx5ROt+FekIBGMN1pI080loh2QWcXZqmv2tisVV6cHV PDdrRuX11f9b1sYb63L1j8271BIOcigmoPU3MAnK19H+Qaa0VqdpSQG+eq4Zh38= =mKzo -----END PGP SIGNATURE-----