This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-django-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 15:29:53 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 3db4e6a6c945976d54280121baf9bac52fd13bd0 * md5sum 397ca2aeb0bc4aeefb30cff92b1e7ae3 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6lpAAoJEIXCXpWhbrlNjDoIAMQS9bnuChkVeDQrlNyCzT+F KcYmM11Nc5NkBSsLeMZCh0C6ItdRcvjcIkNTske9crzxXdiJZkEP6yuUUO3uUmcq MdIvtomK043Y72rLR5IHrBQD/N1cfRrEHXIzD1TlN/w4OxNgSbtUlXgMbMIqHA3l 0pQe9gySMgABC3qugzc734djOEbilMzieBAD28V7abQuTQgmcQ58UGIbMJBwtrqW FyWzXxGAKkQCwGJf/rHWpFh2AwhPImRKVy3SN5uVuVmILnjf/xsiXpTxAjWl28As 8uCQY9+OOb6kLQldCyXE/RZAbuChRD3l/xgegll1kHZArV7j4Xh4001D/RvGAms= =3ncI -----END PGP SIGNATURE-----