This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-lighttpd-php-fastcgi-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 14:21:00 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4996a83c6a0716b136d6322cea4d3a3de5318c83 * md5sum 359cb655978176b663a6a855e233401a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrffGAAoJEIXCXpWhbrlNGGQIAJPF5Ybd0YZ0zgkG43eyF9J3 +v7/PVPAQseoozC1oi63bL59mehbT9HX2b+CQqgNyNd5wFtM4q00/Obj4dmAeHto X9T02OClv9vF2I3R0tO1rE3bgmRKg4TD9LPAeH4YZjcrRnS7fkSAU5/pN3dInIrF WOFkRjIoleDoFZQ1zbUxyj+Q0dzKNnqKNLQxQJo2Cf15sl+CUbq4IRtvlENPPY0g FNYk3s0PdRfUrp4UPNKI9j7oSrfgxdWkNKL/N11marmWS55w6zOp30hn64jhXSHo JysNSdqmHxzrLR/ASOZ9eCJE8cWUBor0uUkncmRvyJ2O0s8Drcq8NzVqhiz8OrU= =R7Kf -----END PGP SIGNATURE-----