This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-bugzilla-12.0-squeeze-x86-xen.tar.bz2.sig gpg: Signature made Tue Aug 21 15:14:56 UTC 2012 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key For your convenience we also include file checksums: * sha1sum 648592d6b1074391019f905b2637e5785c4f3639 * md5sum 34c478fc9783fa553dabc5d74ce5ede5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJQM6XnAAoJEIXCXpWhbrlNm8wIAM69GCsnwTNJTNFQ3MnOUwFs +yhzXA3A2mx9ny+UJ47dJuBaonuEJcqiQOQVf1tA1F0g9fi7f3E4Lmsn8NTX6MGc qQehgoXqJfmiCXaSVyHQ02jRRFhhscGCtAKKp1fA7CtpSpF8FHp5wZLKOQV9OXWJ FNzJjlJJga9AMZ+uFg6y4bG68DjT8OW80u4bOApVvwq4vBlF8rEewrdZCShqUiQm UZyh29ctKgl1i92Lvu44NkF7yNB9Q2uDtmHs1P4oWbP7Y+m2VUOHNbF+WtbGP6P7 5udqEBnxVxtB2duQ+9zOIKLi/+7XhSCmeS9/xkZ8VZSPTt27xGcNsdBD+TxNZ30= =Dq2O -----END PGP SIGNATURE-----