This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-oscommerce_12.1-1_i386.tar.gz.sig gpg: Signature made Tue Jun 4 22:56:59 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 526dee0082278694642e1ffe0e85f6dabe33661f * md5sum 50d763ed62ea06b519e337bfb3843a36 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrnCxAAoJEIXCXpWhbrlNeTYH/214D36RfeuuQ/GSSQPJk9zy 2UD0IW7qiq4A6UcB0Qcb17sHi/7OQw8vzioTr1r4nIB6f1BjsZn1GQCXY5vJ2OV7 07yJPVyQe0oKF612nW4I8ROxXVzxDqFBWvtXaXL6DxI0vr2DY4+IEhys749RmsjR omYTDy4P+soMGS9uZLOrERaWfJ5FT7xtF0sMP9X/R++voMFW1Cvg0kDGcMjeas+n pIe3QGcm6sqCzjSyp9S3kchzIvriV5CbeHn3i8IDRwLLmWYquAXXgTh6caP0RJ6W TI8KrEdfs2R8lY20vEUxL0L/VZzD2t/ZpjV2w4upl0whqdj7qpxAObhv8t7Y7B4= =YjYk -----END PGP SIGNATURE-----