This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-6-turnkey-trac_12.1-1_i386.tar.gz.sig gpg: Signature made Wed Jun 5 00:48:11 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 3c17efd164b8528a16b8bcb4870ed36ffe459fc4 * md5sum c30ce1ce1f4c5ad2b57173f32754c2be You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrorDAAoJEIXCXpWhbrlN/4MIALGOSG2w+Xu+dkeXalt1RBfm Kc8tYAaSONPbAzrSstoN++ngWG1Hlm4og4d6qnfVT09Xtahyx3tpEVVBsEWOGzw/ 7VXd06ONM3DHs/7xzSY6kwMm2O5vKHuf55Z8wmXKVEeup6jWedQp2RELzBjjByT8 r/NI1EW8fF2diYxjwd11n2lvFDR47aocA53G89q6vsVV2qo1zmNUI4lRrPctzb9I 9ifzOVcdOG1xrzzHV+W+wc9iLYQ1uhkNkhrCvC/hQSd9/t/k0a3ZD/OWA0Qavk9p JmO8756zgk+wU9eX3oltvytc/8+uUL1UrtSh7U/Bh+U9PRpy+0BoOQjtEsbgH5c= =fx6F -----END PGP SIGNATURE-----