This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-roundup_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 18:40:36 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 95b3000f7763c666e504c4709d428c82d1ca390e * md5sum f4da5ea6b2937cee78397d376d7f223e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXYweAAoJEIXCXpWhbrlN4doIAKXhzJG7MYLlChpuDMs50PrN emwx88AMklIkout6YKlGGUgmUozgj2vOWLByK+G648Z0o8ZZknWvS2MxvjVeeMEm nJhXyjUiAyX4sfa+9P1zWykDIvmlnWXR/RBzGk5F02dOMqtcdMYHEI08XxZPScsP GhDdjqjAyezK/rbS20xtXQiyH0adULLDCCJFWJFVhRgUShJL/2zV1IimXM3fLxAs Q5uiuUfUnrHMJyCcGn+Rq+gBMb49hQdnLnB9OwWjMO9ndpz64UpNmKCLZuKpAc+x aAyh49V9XYecAW8P/cklGCPAMwTKJ53By0y/8WJTzWMgXsin9uOW+NjN1+UJmw0= =il6H -----END PGP SIGNATURE-----