This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-rails_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 18:33:44 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum bea0008feb6eb438555bed2c01827148f4529e04 * md5sum 3651a8edb6af812fc8f549962151ced0 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYp7AAoJEIXCXpWhbrlNlwsH/iWyx+dm+ZIEnLkmfauJcdhe RZ36knkTS8EWWRK0bO2GF51T90uKBubidiu3GxDotmbz0ZnPKeGgZEIgEZVgX+xP /3hITgPm6Av4n0QAI6TBYIFS4rA0kLAhSsQVEnFsm59l2oqGXCTWu/h6DkX0TDHm 6m12ZNtIrVLu60SxhI/wbveV0d1+eM8KTP3rCqbNvJyDuX2rv5qbgyg72QIGVLKV Km4nEUSe4d/F8sZ4S4dTWmYmAoZymT4qKbqQgg4fMxup5uN3lTX/gPd9WMgbLsk0 FDEPq/z1XpbhSoKkm9m1RCn5GdOWXs0pEVAR+4MmiltdOrLMI3VRJ3o9vyPvAD4= =x3m5 -----END PGP SIGNATURE-----