This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-piwik_12.0-1_i386.tar.gz.sig gpg: Signature made Tue Aug 21 14:31:46 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 643466adb1be3f9a782a22472e4147f7e321018b * md5sum a80c14894b58dc264c5384d502b14d8e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM5vKAAoJEIXCXpWhbrlN1tkIAOXV6Bf9JhLw5AokdVyAVv9Z qC5GsB1fs7nEeJQeT/pwmnoa8sk6Nyw2hrpRLIZJMyjd5v7q+njjBd3OtVjOa6FY 2nQo8D1ne0ZaVXtPPoQtnGP8OyTbX6BFHzxioHrCfWbLgnXL5enqJNx/gU8sh9xT xcrIIQ1NP+dEVZmAoVEE+k6AiJDf6wYPo0sRnhYbw3Jn0zyBHzhMCY8Wk46cVnYi O4YKonN63eBhakHzedUzESgBccjlmwexegcCBI0zihJtDj/lFy4JEDB8kYeYSWws IOAaVoPTcSFx1lnV7TyvAI3RoA08KUeAJBPrlP++l4oynrhK1J62HsFqxRff4CA= =sPsj -----END PGP SIGNATURE-----