This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-drupal6-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 13:26:15 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 15c5223099894a6ac4b97e357224431dad8ccf5f * md5sum 72fb8368607b6493de3c637e5c31b32a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrerwAAoJEIXCXpWhbrlN6VkIAM6U1HSHARgnL8n86dLNDMZP 9crhUgvZyEkE7ccsIWit59yISaYxa8ndHZWPZN910GM9WKrTWwkMJvbtYjtFVcUk hCowKi7TNtdn4MwBVfZbORlNEkGjvZV8WLwN63W99QPjaTrT+EMqN6UvqELM2frd loAgNi9rYRMzv2S6RtwjlvaTkrFnwWperR4w7NhOAFXKozO1mL62Y63zWKYja6LB dbBCixD3hnK3kaoccn0PPSW2yfh8V6P5hM2Ti4KuKqKhgIY/jJpqpmdiQK8SKMzt 4vPU6seBn6fh16i7rQ2pT64MKfy9kr0B6lFQWng2GAHL+1kgJhKqf/KlnmFR9Tc= =01nV -----END PGP SIGNATURE-----