This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-bambooinvoice_13.0-1_amd64.tar.gz.sig gpg: Signature made Wed Oct 16 12:07:09 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 10bb7a816173187c230136560203448c96833979 * md5sum d5c847c8fc15badbfc1d02adfc0504c7 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXoFmAAoJEIXCXpWhbrlNE8QIAK0sH7AY3jzQYOHaNV4A0mvk KUhejS/cWISSuFsmJ8YMPCm2mGHF3PjJjPj5qjGCuWxHKTnd+FOo2dG/QjmXJvIz rQEFKzCWFi1HJJ/TNqyou0/jlJIFfY0+eIlqnEMjGabuTPE1Iyuf/eVScAnKkbin eSC1I/mZCcLcIpPMGKj1lFXeE3dKEsLaYfb7x3+EpVmdeKD2pK33kxg00u4l/5+O /mIeBevcjrlXcReuU/WToeUnOmF3xN/iffCSVFa3VswWtAdVC405aBtRBNTZlKCg ffX6DqpiDLnmKIzat1Em8DMq9706leVqZ9HiRhuCeLPQx51Qe7pcIlHmqB3bfgg= =uNlQ -----END PGP SIGNATURE-----