This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-tkldev_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 19:30:46 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3e0682977df8e0a3d16dcd2cadc6b4bd099ac2f0 * md5sum c8ee4c0252be1c236763b6f9cf133d6a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXZffAAoJEIXCXpWhbrlN8u0H/2v6cwEa/bzOQjICyayZTm9x p6jj95AYVTrZKmt5J8eRtrRBof97UQ4eZYpbKggx2oyTyxeMmjnwGTc/+8kZZhgU iyX4xiP14OzTjo5AqCERJxyR7TMgTcsS2FTBTYh5N/QYb6TIZmhX2pFLf9E0K3HX o5bjvRyjPPvh0d34zvoK6e7PXCdX+GiWFq4rmdRzDtPAVWPSGwFtyO2GIV5Y1e7Q 6FXjlx8gdefRW0e3NXhDwXozHn5I6CgG0ryyPKQQqTB/K/JUJeKHvkBjl1oYsfv1 EtVTUJDmZBtBmtMRX351tjBWl7VrilNLPYC8jl/sn8mQKD8Dk/OgBpMbyNLyej0= =GwU1 -----END PGP SIGNATURE-----