This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-core-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Sun Aug 19 16:36:37 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum a8d61be95d591acca699cb189804da052787a0fe * md5sum c0603da65e2dacc6f4568151ed1794bd You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQMRYOAAoJEIXCXpWhbrlN59YH/Rxe7n4eljd5Q2IgR2FR69bi Oqj3H+TCo7CBzMm0lzO64R8tehba8+0ZCV24Scfn+zsXiFgwksGeqiQlosPt14Ic cQw13QExsq3C/cUuPiDsQEpIYcfODgWGDeBRnCooWE16HWr6uMKjBMC/twMRS20F srv3RcQm7CPxMK5ZX734dURphFpVTxakwcpd7flnOiu3sW2BN43gPkofhKbzldgk qhRvSTIMMAnmiOuWv6JUAe65rXKlQjK5duLq63drG5e+5gdN71AX9KM3ah39cg3u Nz3xzRA9yTm45tPPePqF+iVWpd8NA+i6I+SycddXFDhiI2yydbTKXdIoVh4KRX4= =9I6u -----END PGP SIGNATURE-----