This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-nginx-php-fastcgi-12.1-squeeze-amd64-xen.tar.bz2.sig gpg: Signature made Tue Jun 4 14:54:12 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 512d2f9291f7bbc64ec870c2ccb8338b3c28db2e * md5sum 1b5e9d4a650d5d90b17495534246acd5 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrf+OAAoJEIXCXpWhbrlNay4IALezps5DhelKLu4lSXhe3g1y SLPQUNiHpaTCpHyYhW3kZG4Iv7rPJsGuDbXfIyhJPZNXjS73wNmckdWFRagFzbKk tDhzDupJ7OhGmAQwAtkSQvzVrCLpmLjHkL3ULc7zspsTeamk18kncVrukuPWR1d5 b+qxZiNKuCBaasy+GhlOXfXQKASWVg2YbVqEzUlV++vg9gfprt2y3UYBnSV2V7/R gCShaDQ84dHRUF1RzlFBeeZx/1O0Q+JZaG8ygl20JQIoODEYbIU4mqmW4d2dqpHh NsbAx57J1CSIF42lqr0V6+aruWl2CYNRsYpCx+mT+b3arKW7n4EGOzUodOBjj5M= =u0B5 -----END PGP SIGNATURE-----