This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mambo-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 15:52:50 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 93e2fe42ea6dbb967b3a18e1dea64f987202ddd3 * md5sum be63bb08aad7ce9d9e641881b986e983 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM67IAAoJEIXCXpWhbrlNJR4H/0682H6KdbEIggPyQrCZf4Q+ C+uUI/jPVUq7ESAh6f69i4kt3S8VyhbmGEpV15GjwXH58/Ww6X8LyHhV6izidC24 PjIR69HY4BrPJH3OmrB1yPZJy//lxhSyWBF6qKsOG5YkNYz1TmsgF19UXPDzaIw7 TUYpioJiSMgqVuzvI2V36aAsokeofWVV4nIBKvf86Makn26KKPUHVaMuuJNV8Ia1 RB/r0frryn0VjNoHoKV22twHkMcFqExPMugspNTp6KLVmiTFLTn5nW4vgWxUhNsh RBiyr+IHeMWk9PLL83429LLBui+5hWEgfW5KW0GRHmbZZur80ZiTXzzJ701Qt0Q= =URsp -----END PGP SIGNATURE-----