This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-moinmoin-13.0-wheezy-i386-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:18:26 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum d515c3091a304c99d1f7e2629076608f69190e80 * md5sum 5b08ddeba69b1b40f3159332e0863de7 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3HaAAoJEIXCXpWhbrlNFFEIAL+p49cinQ8jKkHAhtU8g8fI lHyhtIdh6y5F39G6dtd2nzANRJAH5aOZ8fMwnAS/CSoWnvxQiDQJcVrMBRLsETBl 1HaNNquH/VNDz3bRfWIyq3GQCJud1C3nOeHVEV/lzFNyXiUKikNQ4lp4kPcInGZS jFHv0umkNhBEbOQ6q8EYWJ9O0s05VOdYx0Fe+tnoBVQr0kGBoKIo5ivH6odlhDTq 1kwmCGlwN3fDTuM+AkDwA/a3TPmfdVgolYwcdoUIsOhqbjP4fVni27FGm0Kql0TH 63cHSXHLSQfEQp0pjIlaEQSPs92c9Soy9Imwet1FjENRAwqdc8IOshChFNuC7tY= =9YCP -----END PGP SIGNATURE-----