This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-drupal7-13.0-wheezy-amd64-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 08:56:09 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 76f7e92c5a4fd393d8337771012bc0acf7811bde * md5sum c0828acefbd5b50ac964e9a66db649d1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc2yjAAoJEIXCXpWhbrlNqQ0IAIRz8zdbLWDqeuhRGR3oHtAk bEWFMr0/zaMJX1B5oeT/k2tf5LYIAQ9l0KO3M1Dj8lbvHvZr5IuW34/NSTXHpXgN Rm0lVIsysqB0yuce1q8EdD05/gc3liUSq/vqsUe2xmxAQnjVDuSHm9kzE3j/hadf 8Clthz8F/A2WwFAccFf2hglctOHAwvyGRd78KGpaoXCqyV1Yp/c6fMJzcmS9xdXv OSqAhZu/7L84LXxkNpSjPKzU53ctJ+IunVdsrjoQIM4EDCLqhYDuzJKCpvWuyizq 5N1A51ULySyzDmYVxr5YKymECURHMWx6EcQl3CGEiozeZpS+iDQQiKJ1elhpDYQ= =yftL -----END PGP SIGNATURE-----