This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-piwik-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 23:41:49 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 1537dec26b0f1e7c64f507409c3cbfa068e88b2d * md5sum 8371a78a7b8078f7ece7ec7aa7d3ddde You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrnsyAAoJEIXCXpWhbrlNd9AIAJsFj8IZpsWa+8XEWLEfvCBi xLok/MraoaAD2FDlcft876V7jynydhiWwGL3SCnWqztq93f1USr+oz0ZyFi1fWOq XvJMqaKSH0pvPDqQZksS+Wz7nerkrJdeWNJJHTPmwma5cKPp44nVhtp1Z7BL0Nf2 y95nB362sSg1d1GySl3RgIUNo+Tyia6fMT6T84g5MmhoXrXj2DZ7u/X6M41BuJJ5 0J2XMAcj0Vjo84hHPUIp7oaYz687STnOaKD38rJkm6GsQNKNskHOCRz3sZJvcJKQ tGwV7xyr8Ah/bWLI0T4gZ5nORh9Hq+qzbFC93VR4/eEiEdTVAQX6OsFsabLXPj8= =wymi -----END PGP SIGNATURE-----