This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify debian-7-turnkey-phpnuke_13.0-1_amd64.tar.gz.sig gpg: Signature made Wed Oct 16 09:44:24 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5254b10e28f08e7e90b8530faab7f500a6a18d59 * md5sum fb39866e27a6c9ba37a6e3d5fe0bbdf4 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSXl/xAAoJEIXCXpWhbrlN0ScH/3WeLqWDlqT/3/BA+JwkaS91 De/1PI6T2tOJBDc8SNQ9scGuI/3LjCaXNcTDKPy+M/CksSqsubpW0PZJp9g8nAf6 +4eDbp8/bCf3JwYQqJNupllVIHBRCjNgrR3lbZ1P9qxK5lG86n2NM1agyhJHJ6m7 JD7d292SNvvWVLJCrNzeYtJsq9qHe+/LFerSX0UzfE2uW/EOtqwnhH17fDEd6rLP wMnF7FdrFlI2gBlZhZuPeXjhWPFRCZw4qYCBsF4qWtY8lggvLJMtlJRXEf1HQis5 8R/vzfJDGGIKxGqQB3Fj+mM806EBMCAXmP6NIWHiASCP2MDruMyDG3nMSbIZ2Uk= =FjBZ -----END PGP SIGNATURE-----