This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomcat-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:42:51 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4ffac1fb7c8168298fce14001cfc3aeecafb86fb * md5sum 125cd2f071e5ae302463270b4db7f23f You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3eTAAoJEIXCXpWhbrlN8AIH/3vwwfbBrgJJBe/87px/jkbw gj5ADPYdwIR3/72jBu/M2W2tzFkqyvwwk7Fkulu8DZJRqZsrmYSq1SVH7YAT5W+E SJiP7Cvex4assFyODMcBPgrckVTYgbL1Kdnk6qdLKOl3AlxOKvIFvDXf1/OcqOoL llQIZ792a8GrMD7p9vXiZM8S2vn2q28k+yZJpKoIdHcQgUVUKhtulHqM6A8MCvnK N9ZkRvsNfjM0VGCQWScBD4f8t9kubxNv+PdbVrNXoRHLeKFbnfJnL4DhQHbxorb+ AlLVUG4oKtS8El6/347qI/yq+4tpMil/vluZWAB2cdOO9VQ1eXJprqkovbjgWm0= =bPHs -----END PGP SIGNATURE-----