This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-redmine-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 16:19:24 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum e6186d3ef379aae4063b08aca83c6ea802b07100 * md5sum f72a4bc1dca8f2522f4fc67acb048338 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrhOCAAoJEIXCXpWhbrlNq/MIAMZkNbvURfKXufSqgzJn2T0t i7McTH4jgmncC+ZV/yMVyOL5WsY7bQwlDti7LpSIXctc2FO8qiaHlBxcVVghcIS+ v2tLTDep5LwN1pNRh4uSN+OS6I5n4Nk35k8A1vTPKlnpncX+uZNRQgjUcNB6ehfk G72uE8VOx3WIxoFyhOMXpPzU5YWjHraW5Jr8JhP3ZexyLCLMklKf2IsVozNaWtC2 Wg475fUhoph/o+CBMsMCh6RIOGHFygNBbJIuxsVZa213VWgAPf/nH5/SPujzaVZF RvNtG6kbGZ0OHljGJ3M0buvQ+AdprroowpfoNZXFtfBhwtROfHW0nsUnm3P3uRw= =c4x+ -----END PGP SIGNATURE-----