This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-web2py_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 20:42:32 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 03bdf73d64e6661c714418b9a73e7af69e190b94 * md5sum 24462814179e4a54c28c8d9c6c1e0a6f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXaixAAoJEIXCXpWhbrlNtO0IAMt31PzVxdYlxp63EyGqufWg gmhtsURC5M8fBxrkC90KTaaVb+Na9K7nSpt/RIG947/98XWZ6m5tnw8xB1Couhoh CoGecxkneC0Xbvdu/wgrx8dD9StIvv7C50SuXZcJX7IFsW3z+0UeslbAybzTMIMN 1jIu4jH4kRCDvxS5WUKtP7YmqcY5OwqbDgA11vG5ugmT4D2TNmwK1wuBcC5KgokX ZsPfB6h3TgjBbj2CIzM1xp9Xn+JG2vcqlvxTkYYtJWrQhI8i9r4tZW225XbiMJ3e sCeTbYY/iZgCcgGcigdZHLVEgUKVJhXHrnjQRRcMrQVTGa0K5JocIu0J+cX0Zro= =Ejzm -----END PGP SIGNATURE-----