This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-oscommerce_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 17:37:12 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 12cf48de75708b4b36d20c616568a3847196d900 * md5sum 0489f8e7a662a203d8d27d0523b1d0e4 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXX1BAAoJEIXCXpWhbrlN6XwIAMgzzEs8bMEsrvAz1SgE9mpc Ax0HR04NUsAYQRGTFOSQc7G6b7IpldlQaPgBucdUw/rHkhgdJeNtu4fLeEC8Tt2M vhSQiwKPQg2F3QLF+Ba67p66vKvecxhvB8QndWG9nIj9OUdHdSF2I6N0x51dkrM/ hmGej8vautzR9SRgeiJjXrl8HO4+zUTsnHae8GAgLgIVIZbtWlSGKrUAO/SmgfFv y5BKDVXjO5UfNKZtbJAe3Tk8t42bI3fU6uufjI05mh0bebf6wf8yBtxpplI4QNPQ CYjaxrtcwTamtCQC2KjfqnpL+DCk2OjLhs4LC7W8CQ3btmDPIisjZp7tuwhfhus= =bGjA -----END PGP SIGNATURE-----