This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-statusnet-13.0-wheezy-i386-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:46:30 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c052cf65692a86cfca60d426b81511180a51b1d3 * md5sum 1dc4a1aef85d659ebaf3203249732376 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3huAAoJEIXCXpWhbrlNq5UIALnJ7Yqct9m56t6BOsFH00eh zvBQKrOgVgntUkZDH9zDqwT8j6DmfDt7MLPXwtdEwjB1uuZ0cQ2ph0jn3clpU59p WGfPqqsVOZ22Eh9a6+EYlDKlf7sK9nDeOoC12jR3d/ZRNRe/qGYn5UxN3YFx1s+w 63QhG3hjsBuT5VlIpaU1bfmT3fGMOCASR0n7syt3f0KJ92Rt0MuySVvB0uTYDQYY bSX54soVgIQ6ik6sOkrKOnlkppVA1BQIos7CTEVndDlaap5HJB+2iIYL6BinW3uo xItdXZi2FkGIr3vq+AZVuDRxXSY6nEqpLiNX+SdUIToknYLwCa4It18917XRuXI= =CKFH -----END PGP SIGNATURE-----