This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-openphoto-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:19:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 663135776a9b2113cc8000bd83795c95a70de258 * md5sum 878d83f377f840a5239a44adc451f87d You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3InAAoJEIXCXpWhbrlNy9IH/1sq39jsGi2dqT5KDVOzVDrF dEMamz+ChyWxqWDSUVj8J5AMPnicwu7ohT4ds+FRxIMIMn+ewh1m1Um9hrjKXad/ cvf4RugreniZ6Q4uKjoiCCXwLsHU9eI4Wq8OqWw7BVAIFbbSpLq2jrmtF8ibQ56e ezOx04jhBf5If8X4iopLpg0z+HhhvZS8I64Auae7I9vefsjrXeV89hJod1py+W0v vD+33/47WwiOuqbIi+54n00/41DXNhfJedoacnCf+Yp9e3/TI/yCh/z2PZVapzG3 y1A7A9uMq0FqfDJQHOVp+hqPRVknEBZwoK3g9JKhk6H6Ohy9XOHuMQk5YHRwyAw= =Xe5V -----END PGP SIGNATURE-----