This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-nginx-php-fastcgi-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 22:40:11 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum e2af64531158aca9836702c1656030cb8fc60e0a * md5sum 667ff511ec583e2863161eea3e72ceba You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrmzCAAoJEIXCXpWhbrlNYgEH/RoGIuCTlZabi/75z15OqKMU 7XkCynISklpVBPR3AVCNBktEBylxVVXUVp8hKNMlsXokvonf0+WipMuwwwKz5DPi zAbgJuzE5YJdT6L9kji62xvTyNXwF7pDNo71a4X0s9vfCx8Pxz3OlAIGQETmK9y0 Vvkc+eY8hEVvdF88vG+6bUSqN1x27VqYk5krD97hAxJmt2oXunKwSWowpE5YwyeN M1r4lK8V3qVdBEXUu2Tih+snzgCgxKLKN57v8rMfgWqV/0GSb3nBWYQ8nkoesLH3 FxGAPgTaS5RlLK8/x2uaP76j/pBM6bW4IV2Pitta2A4V+yvtzOPwFzrDxqYQsvc= =esfn -----END PGP SIGNATURE-----