This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-phplist-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:22:14 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum e44e68280b57ad5101d0e902d08884124eb22867 * md5sum a92510a53a82e71a05685ecb45c9aa38 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3K+AAoJEIXCXpWhbrlNWWUH/0gZAX+EOgekpElLCdDAPdpH SsswK84Udu5ki9Ajc9v+RAPlrVdlEYTx8yaKvNcxnR2V591lObBVyprM5uvaZZ6G WXBHX/ixM6CcK0fF/XxHhvvl7uzpO6DSyp3AOCqttP9yP3rGZ/HovGQC+POgwpRn /D5l72PPq8fLsSRFczLIk7lDZUtNB+ulIlEt2Qdk9JiTyD24+UmbR1TVFebF3IP6 eWq39woYtU9s4fMVt3NS2n87cUKfjqKrvoP33nJ0ItI9GJCjvdH61ina8qTEr15s qZxvvSvz31rhRQgq/0GVq8PLl1zvwASDjq4Uiz8z0pcCJ1rBUh/6DQ7ZaUMfMgk= =qi7w -----END PGP SIGNATURE-----