This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-punbb-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 15:42:32 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 8c2aeab0d6c8a122bf8d0eb7c13d7b60370ab9f9 * md5sum 8c1208f623eb470853bc6d4c41f9fab0 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrgrgAAoJEIXCXpWhbrlNw7wH/R8GKN2NqTCo5a6oO83luJby HK6aR91+Arh35RRy655L765gq9fpcqfBbNEmjNCRjoIqu6y76UZNLHKwYepcJMM6 /yA/x4K6jGz+BFyIhxKzvvC3Vl8GOV5jZdgCQfJnsqhuMTJoiTb4CmidVvBEz7JW +eKioFQmMVlpjj6vyKsBHeA5oJD7sKz/sINHe7FmjMomb5XiOndMFJnoJNQujzYt tAzPu3WVUGhma5cZIYdcAIE9dHn3tduNKKZiCK9i7kV0sACtfAqFlW0RxKiEp19m Md3wQsvd6gWjWY5/uCbqCzdErbc0Tkl4/Bga52/JKY2bl8Igmrul1EOiWt6BF+k= =PYDc -----END PGP SIGNATURE-----