This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mongodb-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:19:40 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 7286f4d4eb2a0f992abe888b88d973f07869276a * md5sum 0c899585246aa13fe31c3f98080c70a5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3IlAAoJEIXCXpWhbrlN9BcIAKfxUsgLvYU+YSRPzMiivlVP j1Y5I+oI0b5lPxnp1nPMXlzsAlxFjXgybvuR+w7SyTzUZ+w3+519nHEbWsKgBL9o u9MXY0nt5qWtNQxZVzxlmWmVNnT3BOO+LHAZF1JUwysOdWyunfx1AMstxBeyhJDz BTlu1WPdS1R+SpSjZb/LzADKelxt1LnVaonmXFENzG1bPR3O/rp81EppG7tM/wq2 xNYgiZy3QOmcrAwGyh7SoThtH6CAiQaAnlDBZZx6aa0ORmtosgugt74A2gN7IQcK +9Vl9doMjJZ4NZ6YcATfRQk3BxgBEaQoWDETshBbEs/LvUkCo1h4m8tgx3jU94Q= =IU8O -----END PGP SIGNATURE-----