This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-plone_12.1-1_amd64.tar.gz.sig gpg: Signature made Tue Jun 4 15:28:32 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 660257fbab7950f1f54b064fee6f40d74d8e4913 * md5sum 3bcf47bb84f48c57bc1dbf72c10dfe2e You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrgeXAAoJEIXCXpWhbrlNxhsIAKvq7aHg6icEPeprAcXBl2+d 6ql+PihrU/EEynV5bbQzeAglWlo/r0lOcOq2kc5o48Mg05jKFbX2h9/mj7ttoQDb zVNpOb8n15mj2ZCboXt8OjsYB6IV6E5fo+m0DheY5i549I1p7iSzgqL9XDCBIKlI JkwoKPq1YFgCy//bPNm4agM311YlZQ16IXQRHHo5FNu88OrFaP1ImpHgXQ4MSQ9y 4bWdkJDqxx6sWg1nTA//GpOUPdqCJa2SKF+xGdG+NEy31AG91nDedwP3m3M5baph e+CnCzfTgF9PMl/enAoP08N9pIEsAW3ted/0wvDq5Dpjt1uDFCcKAdtZ4GFuHfE= =/QUU -----END PGP SIGNATURE-----