This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mongodb-13.0-wheezy-i386-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:23:29 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c7fbcec630635342f3f2cd5975ab8734facffd7a * md5sum ec6688f26058c6cc63cb5847b639505a You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3MIAAoJEIXCXpWhbrlNchYH/00dHPtcMpPzhC1ZV+SBC7TP XvpSSOAYbQoY3+Lf6F8RHuRcsZpFEinHtSo2GrD/0yR++vFkPAiCzXxE3HymfMnq Hk7qIoaA0issFFpwZEi6J5wN58U2gaKzzDbUL5QTmUAIjxxCMUNll+0tFpfWwOHN p5TKmq8rq0eFnc7L5aM4bISUuP5/my3BM8U7/c+87OMootLSaKP8YTVhcD0Qstfl 182YLWvMm3yk8hjadGUOWIe2VqhGUkLkR18qlQlgI3+GqBA0uzPL4r7hc0zkdUPi hLHEkTnCkVufiqfvUiKBCB3gSAXDCu4o/SUMmmdwqXbrP4p/3r0+qNuioIJe8ew= =I2/r -----END PGP SIGNATURE-----