This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla15-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 21:40:07 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum f2b5390ace41ed778a5c2c977b148105fe291fa8 * md5sum e86fa12c5bdc32fe8d2c25cac2e05a78 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrl6uAAoJEIXCXpWhbrlNHvwIAJf0ky/3LmhsnRRVUR5MyRP5 2IqzjIMpSYXJ4c4IYejgR0OVExO78Li4n7Uba84MCyDkIUVg5xLngplRHXzA2761 2HYsEVEkVQ/4djX7YgI0/Alo/B9ximamO3gDJW1M9M46e93elZnS3n35qEdTSpyE DdZeOrZph3i0akg11FP4eWu/lJR61auVenVZD5XEeedVn6vW/WEmQhz3OKy/WtkQ s+GQwzSW03PY7vIgZNCB2B/Jwq3lpoilMj9+fyImedB5Zu7t0vxG2jIb/813iVII ob9UeehphJCl3IdgXjOROjq62lE+9CAtGkLNSLBsWVvguuUT7ItcT/SJwKHpelg= =3t8e -----END PGP SIGNATURE-----