This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-tomcat_12.1-1_i386.tar.gz.sig gpg: Signature made Wed Jun 5 00:50:21 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum cbb0c92e4679fc899472c3efc3404e5be6671298 * md5sum dba1d36c52e23f8186e2eb67c1ee21ef You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrotAAAoJEIXCXpWhbrlN4yEH+QEWV8vMHBCxQA+XbWf5/OtV 6iJghD8f7sbY3SNys7GwX7TO00aUUYepUlEv2HARyBH38LR8iaZvq1yjyhsDKlHq JuACBgyb5ftNAyFJP2ys4i8ct8ery5V7ozZoHHSWB+rG4gtaKK/bBocRZWSNeCbF G2XsZ5cEthoDDKpVJQ/tT7GooUGEWSq3b17RHqQVJDmv328wEe0ixBq5RfCJhNtJ I/9TZ0dC9E+90ImOjo5YhObxFdIVHgmCR6ohn92vqDnTm3W3DoEGMU6or4Bo2hFi 8rhdpBhHrwkbScWbwg5hdskd5ZsZY09lFo/ZAjPr+BzDPoXczksWQghIUGPzsmo= =jMcX -----END PGP SIGNATURE-----