This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-moinmoin_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 17:01:14 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 43a8560634346449da658ea5d49a9d8d746d409f * md5sum 4f0a6d7e685fa53e5a8423914fed77f5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXXTTAAoJEIXCXpWhbrlNadAIALuX4alXp7Su7cye6UE15MDX +/TATi+D0dsJYaFjwh31adkIe1x3DC08AyspvGVa0kBb5OWy4bb57aE1jvuR9sFK +zSivp/uCr56BuN3o9zoF9cedgnVGsAMBYKbS8NNMnwLOikyCrAwvIQSVIClSCoJ NC0J3Nry44T6lpAFIA8hFpwvd3wADtAxm0Kkx/i7oy6+GQ9fo41IJ61Cc3wvayNd Ou+DloXp966PXvRHumwKr7bZVTWA48XxX0SNOGubp9FYOBNyxjcjnmj5sk6nKLpF WJEdMeyoXFpry2f8tZxBmyWKS9+jeWcG31rQTdJjnDxsi3GjffdBI8k88cRBdMQ= =wAIp -----END PGP SIGNATURE-----