This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-bugzilla-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 20:09:40 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3663e112c6df7e1b417b5090dd0fc5a91eb8e3fd * md5sum 44bd41715ce6393022fcf7483a015198 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrkl5AAoJEIXCXpWhbrlNC/0IAKqKfgmPbHQ0riJdYBQaKMlp 7PyRwCjq4AWFiGN2/AGMNkb9CSWknFwqbJBjSXzBShIKql61UDNR3Ag6yHtQ+ucW zm7a02Dg4ck1vJcQQxzSEnsN05mqNz+D8ZiGa/fLrL6gAJagD3dfXVlYvySN23Le nkXfVCQrLBkRVIVWNrc+wjcruJOj4SgPmS43E0dqtxkJgxtdt0AecBoR5ReffL1T b/L6s9RhQaTk7mRJDUBXmm+oTg15qxyGKzRXNorn9vA6T8+ry1B4LTnc4I8vWeJq Z1Kv0mcY1Ubz8STXUXCJDBpi6JGTRd/RMGvcdjvuF2BeR+JF2WKxxMrs1iPJlZY= =oL4K -----END PGP SIGNATURE-----