This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-nginx-php-fastcgi-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 16:06:09 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum eec7e2005c1e981115d15bc2ddc75884fa2046b6 * md5sum cb1dd206404e64c6d39e041d04b6acc0 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM7HoAAoJEIXCXpWhbrlNm2UIAJeZzCYnge3GF36FX4hPEKe5 5RqXHhQoMJ5kp1lnWb3dE/G4098CXOD2S+09x2TNzM/ygMaz2vsvLyGdgjVjYB0b 67ps4UD5stFMuGIzNNK59hfyDonuYxZIWe28d1LIAotD48AGIC3/Eg9K7YtnMMWL LrmICcRcXoLrcxGuO6ceoEgjRGlJOIIW71tkElGXzA37rbtEJp95UiC92b5G+qa/ XhIt9fLBajytvp05StGCjvqWY0iEbBC2Jg5y+Pjkh/L0joAn91Ipf/ABX+UMCe86 zKrt0DPz9Xw1LEt4vjl4seDQZOwwS7okwPBrLQ87Z/gNZDcf2GqU4goTqQBZtrI= =3A+5 -----END PGP SIGNATURE-----