This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-gallery-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 15:39:19 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum a9312f13ba2f984ecb785b77534e8bf69ed41b30 * md5sum 0b8a4c347b12c425d74419bc987d81dd You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6ueAAoJEIXCXpWhbrlNs+kIAJZcY08hujWOyS5KN7O8tb4V KbyxkyS0aOiUFDT6u7A3kKzFB300O9mJuvPZGZNxD0BcAOH4TaVdUuD6i+g6MdEa xrQloUjIikSa0m+PR0rM3KWO6xIpveSkPJg1gIXLhrwig67CifA3XuuwAibqNcZK rB7tdo2ZEVhL632oH78MQC666kxrlUt5RqPEqdXx+SvkwyplT399ubkwa6ZZ86i5 qVdHFws+C+WjWinDbXGHNWgGk4JbgS+avwr7T1LqxwxfGpT36e49wwVtzweRWEZ8 S+qiWHGC11IdXtodgHA8dWlfDi97yyvwZSJUXgo1RRd9WStVzs5XE36QRJH3/9k= =kIqZ -----END PGP SIGNATURE-----