This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mahara-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:07:55 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 302765f6a1e2e9fa56157793c32480730f6dc1ce * md5sum bfd61142e291ef7ab1ccb45e5a661a3a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc29lAAoJEIXCXpWhbrlNH3IIANTGLG/Bgo0EPpIkEi6ivxyy tlC2f1p2QOUwMFsh9/0Xz86PR54EP9uI/CgOKHTt3g4iL6UVQl/fWv6VBH9Cs0+r b1oX2NN+yY5fCJdnMeC3Jzpaw9gNl9U1AJFNxLBwr3hTBQJxHstozvawQWwbsK7M HGhQqJMnibZEl9lerBO4+U/+H7nGzEhYcmRVojXm0dBhK61f8EnQYDZfDTEAh5i3 R3LOOtMYrHoMHUZiGnTI0fzXsE9PwHEoxpnB/G69QW6ZwF6BQaCiWeWfEpoXGOtF Fc6/sBn/h0t/oS0AOPCFHGrF9pXLoBOgyxlSzZRytJkfQM9pIQlAAHjfRtH0Zro= =yxbS -----END PGP SIGNATURE-----