This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-phpnuke-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 16:24:24 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum bd4604e16a46f73296276b8b82b209125a6e7b60 * md5sum 89a2f5b9c8743e392ba85ebb9d225e8c You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM7YvAAoJEIXCXpWhbrlNzGsH/REAVkeYtQVJknrh9i1oymZ2 SIXLILO3/HWKb2VZortJ5+2FmXp9zSdxOLyNVl+Ff8CZkVMoEkr1b3cdus1/8nM2 LsXJZjWcwg3CwQA0Ivv3hGezrlWahpcF0v3+ta7n0WoA29+LtttP6OaZ05P5r4Xb b+ws6Y3rI3AdZr8+F5mOC9/QDmiWramhxB5Bf5rBdGvDGhyvtO/Z1c9y2MCHcC2d k7MMa77iHhWFAvABy79NPToOW0F+wtYQG7WpiXq1edMu013Ko9AGgHcrx1z2gShq ecAL6cg7Xn5Xp3tBgFUsX3iBb8hR/Ko3ohVwNxSesT8X2TINQSg99yVIEuvF7UM= =EiDG -----END PGP SIGNATURE-----