This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-drupal6-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 15:31:54 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 4c9229300f0c2d6244781c9af7d45cad652a01be * md5sum 582d46737998e44fcf20f5f083b1f8d4 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6nhAAoJEIXCXpWhbrlN5gMIAKfWv9TJjnniJDDsIOH6RuEa oOSnUHgDoFD8lqueEV9makF6lWlxLNyQZwdr5eiZrHxr4bO/ZR7K/xBuYnZroYsD e6Xp6ng1AKUiB1V6Wb0wTHyuE47a2zVIS8hW2dG5PfLM0Av4K5D+cSFV7xImr+14 8v91vSTwSf9+qx4/PBfEr4tSUKum+q8w2zRpQcnNIZwLckN/tupaw3XXSdJQOvLR SMQbr4hhlurrTaSKL32lrdhTnSh6lvA2ihO483Wx7scSB7eR6y0fCmiQDEOIH00b npeNXLyLRBc5/4aV8Cqsq/1kT3dhs2nrn9kdfPRY3rNtogeNmDE3vFFY3CvKTqY= =8FQa -----END PGP SIGNATURE-----