This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-nodejs-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:15:34 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7e41c4fb96ed3ec8ac2663655eca6e21560d0470 * md5sum c8cb220ee06a08b17a0102beb3623d12 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3EvAAoJEIXCXpWhbrlN5ygH/izjzd7+J5OriuqjAiXRXGC3 wXPFbzZ9dq2DooBSPFoVyFTxRaBl9tk0hyqXh1IMJ/fzZ9IT4OQMzPkQDg6sTv98 TP2NlOpEG+VcPHoOv7lqFATSuWc52Gr01LvDDO/pn8Yiv0CGqAFV2M8hB35DjVl8 fBFg2C2Qu5dedgCZhaBw1hZlXcejHM3mShNXkB/UyekJZqGcCMrybKnGOkwi6o+B kE2Gw9PuBmBTMMrsUIxqr9FXS97x23kP0enf8bss9RmusygfKZj/0BCtZZKtMDwC ZnBMDxIiibEgA+3ErNDc6Vllmt9WqhruMKr6J7fQnuDkn8ByMCO0K2DbP1USlqg= =OQhc -----END PGP SIGNATURE-----