This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-gitlab_12.1-1_i386.tar.gz.sig gpg: Signature made Tue Jun 4 21:25:22 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 383d2d6c61b8fecf8e45096a2296b33d931f61ee * md5sum e9b60b56a40ea6050c127ed3256a5baf You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlsvAAoJEIXCXpWhbrlNnTAH/A6o+qg19GGD/Qu2ihwJCvzt SgYSQe9hn4Kxf95j56+awVE2wqs+bVzV+hRDuEMoLYdNtFMYyesYgpWwTWq22zhD vVlJuEh9cgApi7c6hoKcr59UMbha4rs7n+u3AlvvWR0Aupe8kz+ojOQi9WxQ4THW lH5Zom+4DGu7cALnFj0iIMj2uqCnJHwcmpXGp1M2AMV65dq1Cmho4pimhkCM/MML zERIsiwqUt3K8hCFOTnwi3Rj1xLhw1Zk3ojwtz2QVht9jsLzIsHmfMETHByN1E0C wG6QeUMgnEJqVpHiKKXTAvc3+8FU3xH8a+27gYHMu9PT3VHTbvd/F1ry7x4nrOE= =WdB4 -----END PGP SIGNATURE-----