This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-plone_13.0-1_amd64.tar.gz.sig gpg: Signature made Wed Oct 16 10:00:51 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 2157fce62753713271088fa4e5d057bafac4c604 * md5sum 04c377467972a7b73b102b17007e058b You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXmPLAAoJEIXCXpWhbrlNFB0IANCK+tkSTwiYdAx7lFEC593G 5zE9khvn5EXFOuFS/iUrCmSXJAPsvu0hAFVOj6nJzdA2P5ijCkgq8chiXmE17lOI M/8PQqR+/6m6aEoMCI/WLWkGPflftBYr+ts9adfz0KqZ1/ULPUfxjZE/BM6V1npE DQeo1BWCI6r+4aM8z28bUz3yF9WTuy0eB62702LgD7D0/7RCinqn0NH1mXWvXzl1 OZWpls283/YlcVq9QPgzhI7yUzvGjvOEblzzzh3u7CIRnt15v0/I6wnWEPhnu5w3 OPpad3nCWuKMgzxwOSW4QXReHytORYT2qt10TyqSO7rGUWJ0jefO9vrzbaSdB8Q= =EvfT -----END PGP SIGNATURE-----