This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-drupal7_13.0-1_i386.tar.gz.sig gpg: Signature made Tue Oct 15 15:38:27 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 9523ca5cff0376b747bc0d5d27b971bb0bdb2f5d * md5sum 2fedd1ebe457d019648aeb0396c4b782 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXWFrAAoJEIXCXpWhbrlNnxQH/1bCKtn7FCvVuYbsRv34dswm oqHMZnO4jgZBI6RFvsryZfe8QMgPZDyWFFbHUqiF3jodwXLhZuDFbOzRbZaX1kvV eG9XJDbakXoOnM9sNmhKLYpoliMsSxKpzlXEpGMg3S2Dw8diNfDZfmv0kGNiPKop N6qvCq6ULhPsxPIMRB3Y5U+3hWzhZb0YoUHWi7IwePpkyOohvjRhOavQ0wfhG5Re 6KLPOctFDRc87eUGjdpbDjtI58yc3yOv4trimbEMLYVwzPAq057tm6pPyQk+T8aa A9ubhlG0Fgc2z34vP0Qi3H8wlA15ezQh89kstpwBU4SkfJEAHH+lH7f32JmEYnU= =znbg -----END PGP SIGNATURE-----