This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-magento_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 16:36:45 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum eceb3cc9b724b11a9d6f4e70f35d0e4b579a3232 * md5sum e762165405d38ec9dd9e63c852d64063 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXW8VAAoJEIXCXpWhbrlNCikIAOxoxjdBOOWG+BLTASkIbH48 zgP5iV1/GSNlG+tbeHR2k5tOaZ6qsiaNqPJA93Ka/TQhRKS4Z7aXLWANORnrfCoa C69X7C0Nid6NWuRW2spmVccwweSh/T0FVjLJp2UX9xBe3yDILYC4A40ctl6k2ZR4 80fHmqV/nOW57izwrVvMYFU+CHt6+8C+NoDolODvgCc2DvEwaX8SnIaA50zRAwe/ FCO5ez+doA3uz23xQ2tEVVPuKu9ik69iqAzOghggJoO3Yk6gLUsfC1ZiDw7w1bOQ xZsYS+GLk6rqO3U04f+eZefMXYpBJTgxW0x/K7Z9OTTyokVZ217h6BYEnqjp8uY= =IpQw -----END PGP SIGNATURE-----