This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-wordpress-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Wed Jun 5 01:28:18 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum ac3ec7d8a2833a5a059781fbd23a3ebb78e85ebd * md5sum f4ca4c297eeaa5e377ad7a9a0543a54e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrpQoAAoJEIXCXpWhbrlNHrUIALGVr1yQNmf1k0uEigCnAGD9 jESCqqNT7wH1AOV4mb+MpRB2UVE7lgtyKKXK/jQtuLwih3ScJ2LTq0VMV/8w5P8P 5WImAPx1cF6/I5/0ROpAqtqxQRr8f+B+syju3738RkMFduLMl7NiHdvF39vnvu4U PnOGWwaL47vjCBvGn7EeVl8oksAFvQqW6YCdrjZcHQTEyG7HzQIwYwpmaYdN87Gf nPRVNaEG98mqpY/ELPxkHGwqv6Wpru2QL02lFLkJLSYltcdr0SZo6MmVtsOedv4+ 5NWFjhYbDAypFbxJol2Igshu8SDc/+jrQuzsxeRYnymoanGXin7KXDnmJzUfVAM= =J4LI -----END PGP SIGNATURE-----