This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-mahara-13.0-wheezy-i386-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:15:19 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 4470e2a1ad576f2f395ed03fd9cd86ec14e43c58 * md5sum 612130aa7d59506d45939265e6244150 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3EgAAoJEIXCXpWhbrlNfecIAOQ9Rpkijz5yJVI6uzKfZ9aK /NibI5kvtK3GZGy+cgjg2P1eSmLCymvRGVwjZ88lAnaOi3ZK0g4SxKB5PVHE8ZUW N0tmQIMLzci4Oz76Apha5GXrr6KhiupGQxg1d6O8Le8dfZ1uAFEQHYIfo7l4/sQs udzVhHRgsUiAoNjKiKz/+LBaF61jbN/zi3NK42oQqitMKvwUwAB7hTg/dUmO2at9 oigsZrmsZChQHrKDKwS75R6reKmaJOvJlKc55go6zs/VMA6Emy4hi7Tz6imZgWtx FplmruQB7sjB5SaONUkNYUjF90erdWbDe7LZmOGczofoNRch7FT5li9i1qepYLw= =eoTe -----END PGP SIGNATURE-----