This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-collabtive-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 15:24:37 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 0c6c41bf8390c561954027777b630cda267469c6 * md5sum fa7efc51a566ef2ad3d1b48457d366c0 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6grAAoJEIXCXpWhbrlNSrgIALwd+mPbgl/2trp8O1AiG+68 9mabzJDg/1SEam8eMtsyG8Xa8Nu7aq0WHU4uWMPRwigLeL9jg82WXGyw+NJel5qR oHeaLegsKcKasqSZWr8Ym4S/oGODyejEnUlQ9wSYDIPPRUK0fBPCmsOJ/RdctPps jM3yvE4W/IMHIpXIWgGlINpIM7APjU9VmUmrAJW3ZuiB1jBY+aCcKlOXK+PwQYqu axfEpafjYhESzZP22LesORxT0ty/ss7/hhJRiWBeMhtgSNRDZ+SfjXKx+Yf5jdVT ofjQDhHN7/BUx2ylIgpLJscsrd503IpqFb9DeIhQeI8HvgTjXyQN0JRypqmZUsI= =BnQ0 -----END PGP SIGNATURE-----