This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-sitracker_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 19:11:09 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2d13ad89b1a0bd6601553f7cd78a2abf438c4515 * md5sum 24bbaa6be4ddccf40815770df0b99b40 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXZNHAAoJEIXCXpWhbrlNcroIANNERVdofAsxn9xStg56BK/d 5RWBP9KgJjGpXy1AsSldlFe1TGvc1uhhnxNBs0bwlXgagcutnnUuv78iD2AEtqol hs8yKcrD15dhsp7SfiKI71ney5EOflITPVtnvi2OsrheAhQWmA/PZ239AEwjA1GD rPBWfpKWLl+vAqbcjRIeNNCW7tpjRtcK5wmq8MlRiZMuvgOemHTcr3/JuRjv4Lrh xUrgzGXK5TOfKHAsSbvR2aj4SEjpnWZo2yilMJ2ExPMhg58niyy5MA5OzLM19UmL k1VQaLPteLA0LLmy55dS3942XNTP7sOG2QaGQi2q0LTG8RhMDAQ0/8NzpaWj/34= =/Q8H -----END PGP SIGNATURE-----