This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-owncloud-13.0-wheezy-i386-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:31:00 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum f9579cd0d0bbe6155ec13773bad83fbbf261ee84 * md5sum 9e84c52b5beb85634e59abac9ed99ce2 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3TLAAoJEIXCXpWhbrlNjIUH/2b5ZRS7ezF1AeUbJwsRU4xD arV6M4+AElyIl15rlsd62DL2Mvyze0L6iU00nnkTwXA78KDmyaPgq5lF26/v5JL+ Mc3tSB/3as1sMGxie/hdNwSGrG8aAFO/w4YxmtD8C9ta2t9Mgd8oeVnPfb8JqJqc KlCZX6fFIVXGKcYMsIVAVAX0pFkZVxeF+A1/ziGDzAJwgTONPiFgxVI/pFhXN/Ob tWRL2QGGRdYol+ntIlbODK9aF0+tzdAXoxpfisxj/ULCjuRWNvatbJ+ljCvCxPLq ou6+Sn0PVcttWx27CTHUYv1ogoNuUj2uHPNdoUDKVnorYPgBfu0IJyD1rae5ga8= =SZy8 -----END PGP SIGNATURE-----