This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-phreedom-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 23:35:42 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9ebe42739c6638ec65bfde5fd93a7efb6e7a0f83 * md5sum ec4f04c265f587d8bbb2ec29bb83a9a6 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrnnFAAoJEIXCXpWhbrlNh6EH/37ixM17Swwm4UjO7fsCYsn9 UC9M0p60FJl/HWvxJYZXGd35Um9Fu3juvuhh/tQ06Jn5UPqKtJ0YR9HJsHlL4Gv0 s2zN8XFrTKXH821f+urhL++VZSthpSYrIX1TfU+U1oAZPmepID0/1IHWFHXYjbfu yxoEmo35PvAsJ6U2iY/18H7BdTkFfmeHQ/A/IF9y4rDDNKdiYxhAUF/3eGMfz/ph pu1L04nPb+xSqoLOkEF+ntJFVqxa/SDturhVStf6CO3o+OcxVt5luFemyA7c8s+N UTKUPWif2QUey50M69FG96CzalcfMalqM4Nzv/mz0JoA55f5Y57YwuvEzqP6aAw= =Msng -----END PGP SIGNATURE-----